Cross-Site Scripting Vulnerability in SAP BusinessObjects Financial Consolidation
CVE-2018-2444

6.1MEDIUM

Key Information:

Vendor
SAP
Status
SAP Businessobjects Financial Consolidation
Vendor
CVE Published:
14 August 2018

Summary

SAP BusinessObjects Financial Consolidation versions 10.0 and 10.1 are vulnerable to Cross-Site Scripting due to insufficient encoding of user-controlled inputs. This weakness can be exploited by attackers to execute arbitrary scripts in the context of the user's browser, potentially leading to data theft, session hijacking, or other malicious activities. It is essential for users of the affected versions to apply recommended updates and security practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

SAP BusinessObjects Financial Consolidation 10.0

SAP BusinessObjects Financial Consolidation 10.1

References

http://www.securityfocus.com/bid/105087
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2621395
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.