Reflected Cross-Site Scripting Vulnerability in SAP Financial Consolidation
CVE-2019-0369
5.4MEDIUM
Summary
SAP Financial Consolidation versions prior to 10.0 and 10.1 are susceptible to reflected cross-site scripting due to improper encoding of user-controlled inputs. This vulnerability allows attackers to craft malicious files that, when uploaded, can execute harmful scripts. Exploiting this vulnerability may lead to unauthorized actions or data exposure, significantly impacting the security posture of organizations utilizing the affected versions.
Affected Version(s)
SAP Financial Consolidation < 10.0 < 10.0
SAP Financial Consolidation < 10.1 < 10.1
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved