cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-37178,https://securityvulnerability.io/vulnerability/CVE-2024-37178,SAP Financial Consolidation Exposes Cross-Site Scripting Vulnerability,"SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can exploit resources beyond the vulnerable component. On successful exploitation, an attacker can cause limited impact to confidentiality of the application.",SAP,SAP Financial Consolidation,5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T02:00:27.054Z,0
CVE-2024-37177,https://securityvulnerability.io/vulnerability/CVE-2024-37177,SAP Financial Consolidation Vulnerability: Untrusted Data Entry via Web Application,"The vulnerability in SAP Financial Consolidation arises from the application allowing data to be submitted through endpoints exposed over the network. This situation opens up the possibility for an attacker to exploit untrusted sources, potentially altering the application's content. The manipulation of data can lead to severe repercussions regarding the confidentiality and integrity of sensitive financial information, making it crucial for organizations using this software to implement necessary security measures.",SAP,SAP Financial Consolidation,8.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T01:58:36.889Z,0
CVE-2022-41208,https://securityvulnerability.io/vulnerability/CVE-2022-41208,,"Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application.",SAP,SAP Financial Consolidation,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-41260,https://securityvulnerability.io/vulnerability/CVE-2022-41260,,"SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.",SAP,SAP Financial Consolidation,6.1,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-41258,https://securityvulnerability.io/vulnerability/CVE-2022-41258,,"Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application.",SAP,SAP Financial Consolidation,6.5,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-31595,https://securityvulnerability.io/vulnerability/CVE-2022-31595,,"SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",SAP,SAP Financial Consolidation,8.8,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2022-06-14T18:45:56.000Z,0
CVE-2022-31589,https://securityvulnerability.io/vulnerability/CVE-2022-31589,,"Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.",SAP,"SAP Erp, Localization For Cee Countries.,SAP Financials,SAP S/4hana Core",6.5,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2022-06-14T18:36:39.000Z,0
CVE-2022-26104,https://securityvulnerability.io/vulnerability/CVE-2022-26104,,"SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.",SAP,SAP Financial Consolidation,5.3,MEDIUM,0.0007600000244565308,false,false,false,false,,false,false,2022-03-10T17:47:00.000Z,0
CVE-2021-38164,https://securityvulnerability.io/vulnerability/CVE-2021-38164,,"SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.",SAP,SAP Erp Financial Accounting (rfopenposting Fr),5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-09-14T11:19:00.000Z,0
CVE-2021-21486,https://securityvulnerability.io/vulnerability/CVE-2021-21486,,"SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",SAP,SAP Enterprise Financial Services (bank Customer Accounts),6.8,MEDIUM,0.0010400000028312206,false,false,false,false,,false,false,2021-03-09T14:07:48.000Z,0
CVE-2020-6233,https://securityvulnerability.io/vulnerability/CVE-2020-6233,,"SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.",SAP,"SAP S/4 Hana (financial Products Subledger And Banking Services) (fSAPpl),SAP S/4 Hana (financial Products Subledger And Banking Services) (s4fpsl)",4.3,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2020-04-14T18:34:47.000Z,0
CVE-2020-6214,https://securityvulnerability.io/vulnerability/CVE-2020-6214,,"SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system.",SAP,SAP S/4hana (financial Products Subledger),4.7,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2020-04-14T18:05:32.000Z,0
CVE-2019-0370,https://securityvulnerability.io/vulnerability/CVE-2019-0370,,"Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.",SAP,SAP Financial Consolidation,6.5,MEDIUM,0.0007900000200606883,false,false,false,false,,false,false,2019-10-08T19:20:08.000Z,0
CVE-2019-0369,https://securityvulnerability.io/vulnerability/CVE-2019-0369,,"SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.",SAP,SAP Financial Consolidation,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2019-10-08T19:19:11.000Z,0
CVE-2019-0280,https://securityvulnerability.io/vulnerability/CVE-2019-0280,,"SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization objects T_DEAL_DP and T_DEAL_PD , resulting in escalation of privileges.",SAP,"SAP Treasury And Risk Management(ea-finserv),SAP Enterprise Financial Services (s4core)",8.8,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2019-05-14T20:20:04.000Z,0
CVE-2019-0276,https://securityvulnerability.io/vulnerability/CVE-2019-0276,,"Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges.",SAP,"Banking Services From SAP 9.0 (fSAPpl),SAP S/4hana Financial Products Subledger (s4fpsl)",8.8,HIGH,0.003490000031888485,false,false,false,false,,false,false,2019-03-12T22:00:00.000Z,0
CVE-2018-2484,https://securityvulnerability.io/vulnerability/CVE-2018-2484,,"SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",SAP,"SAP Enterprise Financial Services (SAPscore),SAP Enterprise Financial Services (s4core),SAP Enterprise Financial Services (ea-finserv),SAP Enterprise Financial Services (bank/cfm)",8.8,HIGH,0.002259999979287386,false,false,false,false,,false,false,2019-01-08T20:00:00.000Z,0
CVE-2018-2499,https://securityvulnerability.io/vulnerability/CVE-2018-2499,,"A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user.",SAP,SAP Financial Consolidation Cube Designer (bobj Eades),7.5,HIGH,0.0015899999998509884,false,false,false,false,,false,false,2019-01-08T20:00:00.000Z,0
CVE-2018-2455,https://securityvulnerability.io/vulnerability/CVE-2018-2455,,"SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",SAP,SAP Enterprise Financial Services,8.8,HIGH,0.002259999979287386,false,false,false,false,,false,false,2018-09-11T15:00:00.000Z,0
CVE-2018-2454,https://securityvulnerability.io/vulnerability/CVE-2018-2454,,"SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",SAP,SAP Enterprise Financial Services,8.8,HIGH,0.002259999979287386,false,false,false,false,,false,false,2018-09-11T15:00:00.000Z,0
CVE-2018-2444,https://securityvulnerability.io/vulnerability/CVE-2018-2444,,"SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Businessobjects Financial Consolidation,6.1,MEDIUM,0.0010499999625608325,false,false,false,false,,false,false,2018-08-14T16:00:00.000Z,0
CVE-2018-2419,https://securityvulnerability.io/vulnerability/CVE-2018-2419,,"SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",SAP,"SAP Enterprise Financial Services (SAPscore),SAP Enterprise Financial Services (s4core),SAP Enterprise Financial Services (ea-finserv)",3.7,LOW,0.0009200000204145908,false,false,false,false,,false,false,2018-05-09T20:00:00.000Z,0
CVE-2018-2381,https://securityvulnerability.io/vulnerability/CVE-2018-2381,,"SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",SAP,SAP Erp Financials Information System,8.8,HIGH,0.002259999979287386,false,false,false,false,,false,false,2018-02-14T12:00:00.000Z,0