Cross-Site Scripting Vulnerability in SAP Business Objects Financial Consolidation
CVE-2017-14516

6.1MEDIUM

Key Information:

Vendor: SAP
Status: Businessobjects Financial Consolidation
Vendor: CVE Published:; 3 December 2017

Summary

A Cross-Site Scripting (XSS) vulnerability was identified in the SAP Business Objects Financial Consolidation product prior to June 13, 2017. This flaw allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access and data compromise. It is essential for users to apply the necessary security patches to safeguard their systems against this type of attack.

References

https://blogs.sap.com/2017/06/13/sap-security-patch-day-j...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 3, 2017
Vulnerability Reserved
Sep 17, 2017