Input Validation Flaw in SAP Financial Consolidation Affects Web Administration Console
CVE-2022-41258

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Financial Consolidation
Vendor: CVE Published:; 8 November 2022

What is CVE-2022-41258?

An input validation flaw in SAP Financial Consolidation version 1010 permits authenticated attackers to perform script injection through the Web Administration Console when executing a common query. This vulnerability can lead to unauthorized access to sensitive information, as attackers may modify or view data that compromises the application's overall confidentiality, integrity, and availability.

Affected Version(s)

SAP Financial Consolidation = 1010

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3260708

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2022
Vulnerability Reserved
Sep 21, 2022