Cross-Site Scripting Vulnerability in SAP BusinessObjects Financial Consolidation
CVE-2018-2444
6.1MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 14 August 2018
What is CVE-2018-2444?
SAP BusinessObjects Financial Consolidation versions 10.0 and 10.1 are vulnerable to Cross-Site Scripting due to insufficient encoding of user-controlled inputs. This weakness can be exploited by attackers to execute arbitrary scripts in the context of the user's browser, potentially leading to data theft, session hijacking, or other malicious activities. It is essential for users of the affected versions to apply recommended updates and security practices to mitigate the risks associated with this vulnerability.
Affected Version(s)
SAP BusinessObjects Financial Consolidation 10.0
SAP BusinessObjects Financial Consolidation 10.1