CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
SAP Financial Consolidation allows data to enter
a Web application through an untrusted source. These endpoints are exposed over
the network and it allows the user to modify the content from the web site. On
successful exploitation, an attacker can cause significant impact to
confidentiality and integrity of the application.
[
{
"cpes": [
"cpe:2.3:a:sap:financial_consolidation:1010:*:*:*:*:*:*:*"
],
"vendor": "sap",
"product": "financial_consolidation",
"versions": [
{
"status": "affected",
"version": "1010"
}
],
"defaultStatus": "unknown"
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total