cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-37178,https://securityvulnerability.io/vulnerability/CVE-2024-37178,SAP Financial Consolidation Exposes Cross-Site Scripting Vulnerability,"SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can exploit resources beyond the vulnerable component. On successful exploitation, an attacker can cause limited impact to confidentiality of the application.",SAP,SAP Financial Consolidation,5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T02:00:27.054Z,0 CVE-2024-37177,https://securityvulnerability.io/vulnerability/CVE-2024-37177,SAP Financial Consolidation Vulnerability: Untrusted Data Entry via Web Application,"The vulnerability in SAP Financial Consolidation arises from the application allowing data to be submitted through endpoints exposed over the network. This situation opens up the possibility for an attacker to exploit untrusted sources, potentially altering the application's content. The manipulation of data can lead to severe repercussions regarding the confidentiality and integrity of sensitive financial information, making it crucial for organizations using this software to implement necessary security measures.",SAP,SAP Financial Consolidation,8.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T01:58:36.889Z,0 CVE-2022-41258,https://securityvulnerability.io/vulnerability/CVE-2022-41258,,"Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application. ",SAP,SAP Financial Consolidation,6.5,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0 CVE-2022-41208,https://securityvulnerability.io/vulnerability/CVE-2022-41208,,"Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. ",SAP,SAP Financial Consolidation,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0 CVE-2022-41260,https://securityvulnerability.io/vulnerability/CVE-2022-41260,,"SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. ",SAP,SAP Financial Consolidation,6.1,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0 CVE-2022-31595,https://securityvulnerability.io/vulnerability/CVE-2022-31595,,"SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. ",SAP,SAP Financial Consolidation,8.8,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2022-06-14T18:45:56.000Z,0 CVE-2022-26104,https://securityvulnerability.io/vulnerability/CVE-2022-26104,,"SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.",SAP,SAP Financial Consolidation,5.3,MEDIUM,0.0007600000244565308,false,false,false,false,,false,false,2022-03-10T17:47:00.000Z,0 CVE-2019-0370,https://securityvulnerability.io/vulnerability/CVE-2019-0370,,"Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.",SAP,SAP Financial Consolidation,6.5,MEDIUM,0.0007900000200606883,false,false,false,false,,false,false,2019-10-08T19:20:08.000Z,0 CVE-2019-0369,https://securityvulnerability.io/vulnerability/CVE-2019-0369,,"SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.",SAP,SAP Financial Consolidation,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2019-10-08T19:19:11.000Z,0 CVE-2018-2499,https://securityvulnerability.io/vulnerability/CVE-2018-2499,,"A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user.",SAP,SAP Financial Consolidation Cube Designer (bobj Eades),7.5,HIGH,0.0015899999998509884,false,false,false,false,,false,false,2019-01-08T20:00:00.000Z,0 CVE-2018-2444,https://securityvulnerability.io/vulnerability/CVE-2018-2444,,"SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Businessobjects Financial Consolidation,6.1,MEDIUM,0.0010499999625608325,false,false,false,false,,false,false,2018-08-14T16:00:00.000Z,0