SAP Financial Consolidation Vulnerability: Untrusted Data Entry via Web Application

CVE-2024-37177

8.1HIGH

Key Information

Vendor: SAP
Status: SAP Financial Consolidation
Vendor: CVE Published:; 11 June 2024

Summary

SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and integrity of the application.

Affected Version(s)

SAP Financial Consolidation = FINANCE 1010

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 11, 2024
Vulnerability Reserved.
Jun 4, 2024

Collectors

NVD DatabaseMitre Database