CVE-2019-0369

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 47.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Financial Consolidation SAP Financial Consolidation

Timeline

PublishedOct 8

Latest updateMay 24

Description

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_financial_consolidation< 10.0+1

▶NVDsap/financial_consolidation10.0, 10.1+1

🔴Vulnerability Details

GHSA

GHSA-82mv-hh8r-x8q6: SAP Financial Consolidation, before versions 10↗2022-05-24

▶

CVEList

CVE-2019-0369: SAP Financial Consolidation, before versions 10↗2019-10-08

▶