cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37178,https://securityvulnerability.io/vulnerability/CVE-2024-37178,SAP Financial Consolidation Exposes Cross-Site Scripting Vulnerability,"SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can exploit resources beyond the vulnerable component. On successful exploitation, an attacker can cause limited impact to confidentiality of the application.",SAP,SAP Financial Consolidation,5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-11T02:00:27.054Z,0
CVE-2024-37177,https://securityvulnerability.io/vulnerability/CVE-2024-37177,SAP Financial Consolidation Vulnerability: Untrusted Data Entry via Web Application,"The vulnerability in SAP Financial Consolidation arises from the application allowing data to be submitted through endpoints exposed over the network. This situation opens up the possibility for an attacker to exploit untrusted sources, potentially altering the application's content. The manipulation of data can lead to severe repercussions regarding the confidentiality and integrity of sensitive financial information, making it crucial for organizations using this software to implement necessary security measures.",SAP,SAP Financial Consolidation,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-11T01:58:36.889Z,0
CVE-2022-41258,https://securityvulnerability.io/vulnerability/CVE-2022-41258,Input Validation Flaw in SAP Financial Consolidation Affects Web Administration Console,"An input validation flaw in SAP Financial Consolidation version 1010 permits authenticated attackers to perform script injection through the Web Administration Console when executing a common query. This vulnerability can lead to unauthorized access to sensitive information, as attackers may modify or view data that compromises the application's overall confidentiality, integrity, and availability.",SAP,SAP Financial Consolidation,6.5,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-41208,https://securityvulnerability.io/vulnerability/CVE-2022-41208,Insufficient Input Validation in SAP Financial Consolidation Software,"SAP Financial Consolidation version 1010 is vulnerable to an issue stemming from insufficient input validation. This vulnerability allows an authenticated attacker with user privileges to manipulate the current user session. If exploited, the attacker could gain access to view or modify sensitive information, potentially affecting the confidentiality and integrity of the application. Users should apply the latest updates and patches to safeguard against this risk.",SAP,SAP Financial Consolidation,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-41260,https://securityvulnerability.io/vulnerability/CVE-2022-41260,Web Script Injection Vulnerability in SAP Financial Consolidation by SAP,"The vulnerability in SAP Financial Consolidation version 1010 allows for insufficient encoding of user-controlled input, which may enable unauthenticated attackers to inject web scripts via a GET request. If exploited, this could lead to unauthorized access to modify or view information, thereby impacting the confidentiality and integrity of the application. It's essential for users of this software to remain vigilant and apply the necessary updates or mitigations to safeguard their systems.",SAP,SAP Financial Consolidation,6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-31595,https://securityvulnerability.io/vulnerability/CVE-2022-31595,SAP Financial Consolidation Privilege Escalation Vulnerability,"SAP Financial Consolidation version 1010 has been identified as lacking essential authorization checks for authenticated users. This oversight enables a potential escalation of privileges, allowing unauthorized access to sensitive functionalities. Organizations using this version should take proactive steps to mitigate risks associated with this vulnerability.",SAP,SAP Financial Consolidation,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-06-14T18:45:56.000Z,0
CVE-2022-26104,https://securityvulnerability.io/vulnerability/CVE-2022-26104,Authorization Check Vulnerability in SAP Financial Consolidation by SAP,"SAP Financial Consolidation version 10.1 contains a vulnerability due to insufficient authorization checks when updating homepage messages. This flaw allows unauthorized users to modify system messages, potentially leading to misinformation and manipulation of the application's behavior. It is crucial for organizations using this product to assess their configurations and implement necessary security measures to mitigate potential exploits.",SAP,SAP Financial Consolidation,5.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2022-03-10T17:47:00.000Z,0
CVE-2019-0370,https://securityvulnerability.io/vulnerability/CVE-2019-0370,XPath Injection Vulnerability in SAP Financial Consolidation Software,"The vulnerability arises from inadequate input validation in SAP Financial Consolidation, which affects versions prior to 10.0 and 10.1. Attackers may exploit this weakness by providing specially crafted input, disrupting the structure of queries and enabling unauthorized access to sensitive information or manipulation of data. This poses significant risks regarding data integrity and confidentiality.",SAP,SAP Financial Consolidation,6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2019-10-08T19:20:08.000Z,0
CVE-2019-0369,https://securityvulnerability.io/vulnerability/CVE-2019-0369,Reflected Cross-Site Scripting Vulnerability in SAP Financial Consolidation,"SAP Financial Consolidation versions prior to 10.0 and 10.1 are susceptible to reflected cross-site scripting due to improper encoding of user-controlled inputs. This vulnerability allows attackers to craft malicious files that, when uploaded, can execute harmful scripts. Exploiting this vulnerability may lead to unauthorized actions or data exposure, significantly impacting the security posture of organizations utilizing the affected versions.",SAP,SAP Financial Consolidation,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:19:11.000Z,0
CVE-2018-2499,https://securityvulnerability.io/vulnerability/CVE-2018-2499,,"A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user.",SAP,SAP Financial Consolidation Cube Designer (bobj Eades),7.5,HIGH,0.0015899999998509884,false,,false,false,false,,,false,false,,2019-01-08T20:00:00.000Z,0
CVE-2018-2444,https://securityvulnerability.io/vulnerability/CVE-2018-2444,,"SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Businessobjects Financial Consolidation,6.1,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2018-08-14T16:00:00.000Z,0