Vulnerabilities > SAP > Financial Consolidation

DATE CVE VULNERABILITY TITLE RISK
2022-11-08 CVE-2022-41208 Cross-site Scripting vulnerability in SAP Financial Consolidation 1010
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session.
network
low complexity
sap CWE-79
5.4
2022-11-08 CVE-2022-41258 Cross-site Scripting vulnerability in SAP Financial Consolidation 1010
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console.
network
low complexity
sap CWE-79
6.5
2022-11-08 CVE-2022-41260 Cross-site Scripting vulnerability in SAP Financial Consolidation 1010
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request.
network
low complexity
sap CWE-79
6.1
2022-03-10 CVE-2022-26104 Missing Authorization vulnerability in SAP Financial Consolidation 10.1
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.
network
low complexity
sap CWE-862
5.3
2019-10-08 CVE-2019-0370 XML Injection (aka Blind XPath Injection) vulnerability in SAP Financial Consolidation 10.0/10.1
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
network
low complexity
sap CWE-91
6.5
2019-10-08 CVE-2019-0369 Cross-site Scripting vulnerability in SAP Financial Consolidation 10.0/10.1
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.
network
low complexity
sap CWE-79
5.4