cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37178,https://securityvulnerability.io/vulnerability/CVE-2024-37178,SAP Financial Consolidation Exposes Cross-Site Scripting Vulnerability,"SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can exploit resources beyond the vulnerable component. On successful exploitation, an attacker can cause limited impact to confidentiality of the application.",SAP,SAP Financial Consolidation,5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-11T02:00:27.054Z,0
CVE-2024-37177,https://securityvulnerability.io/vulnerability/CVE-2024-37177,SAP Financial Consolidation Vulnerability: Untrusted Data Entry via Web Application,"The vulnerability in SAP Financial Consolidation arises from the application allowing data to be submitted through endpoints exposed over the network. This situation opens up the possibility for an attacker to exploit untrusted sources, potentially altering the application's content. The manipulation of data can lead to severe repercussions regarding the confidentiality and integrity of sensitive financial information, making it crucial for organizations using this software to implement necessary security measures.",SAP,SAP Financial Consolidation,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-11T01:58:36.889Z,0
CVE-2022-41260,https://securityvulnerability.io/vulnerability/CVE-2022-41260,Web Script Injection Vulnerability in SAP Financial Consolidation by SAP,"The vulnerability in SAP Financial Consolidation version 1010 allows for insufficient encoding of user-controlled input, which may enable unauthenticated attackers to inject web scripts via a GET request. If exploited, this could lead to unauthorized access to modify or view information, thereby impacting the confidentiality and integrity of the application. It's essential for users of this software to remain vigilant and apply the necessary updates or mitigations to safeguard their systems.",SAP,SAP Financial Consolidation,6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-41258,https://securityvulnerability.io/vulnerability/CVE-2022-41258,Input Validation Flaw in SAP Financial Consolidation Affects Web Administration Console,"An input validation flaw in SAP Financial Consolidation version 1010 permits authenticated attackers to perform script injection through the Web Administration Console when executing a common query. This vulnerability can lead to unauthorized access to sensitive information, as attackers may modify or view data that compromises the application's overall confidentiality, integrity, and availability.",SAP,SAP Financial Consolidation,6.5,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-41208,https://securityvulnerability.io/vulnerability/CVE-2022-41208,Insufficient Input Validation in SAP Financial Consolidation Software,"SAP Financial Consolidation version 1010 is vulnerable to an issue stemming from insufficient input validation. This vulnerability allows an authenticated attacker with user privileges to manipulate the current user session. If exploited, the attacker could gain access to view or modify sensitive information, potentially affecting the confidentiality and integrity of the application. Users should apply the latest updates and patches to safeguard against this risk.",SAP,SAP Financial Consolidation,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-11-08T00:00:00.000Z,0
CVE-2022-31595,https://securityvulnerability.io/vulnerability/CVE-2022-31595,SAP Financial Consolidation Privilege Escalation Vulnerability,"SAP Financial Consolidation version 1010 has been identified as lacking essential authorization checks for authenticated users. This oversight enables a potential escalation of privileges, allowing unauthorized access to sensitive functionalities. Organizations using this version should take proactive steps to mitigate risks associated with this vulnerability.",SAP,SAP Financial Consolidation,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-06-14T18:45:56.000Z,0
CVE-2022-31589,https://securityvulnerability.io/vulnerability/CVE-2022-31589,Improper Authorization Check in SAP Business User Interface,"An improper authorization check within the SAP Business User Interface, specifically for users accessing the Israeli File from the SHAAM program, allows business users to obtain elevated permissions. This flaw enables unauthorized access to sensitive data and facilitates transactions that should be restricted, raising significant security concerns for organizations reliant on this system.",SAP,"SAP Erp, Localization For Cee Countries.,SAP Financials,SAP S/4hana Core",6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2022-06-14T18:36:39.000Z,0
CVE-2022-26104,https://securityvulnerability.io/vulnerability/CVE-2022-26104,Authorization Check Vulnerability in SAP Financial Consolidation by SAP,"SAP Financial Consolidation version 10.1 contains a vulnerability due to insufficient authorization checks when updating homepage messages. This flaw allows unauthorized users to modify system messages, potentially leading to misinformation and manipulation of the application's behavior. It is crucial for organizations using this product to assess their configurations and implement necessary security measures to mitigate potential exploits.",SAP,SAP Financial Consolidation,5.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2022-03-10T17:47:00.000Z,0
CVE-2021-38164,https://securityvulnerability.io/vulnerability/CVE-2021-38164,Unauthorized Access Vulnerability in SAP ERP Financial Accounting,"A vulnerability exists in SAP ERP Financial Accounting that permits a registered attacker to execute functions typically restricted to specific users. This flaw permits unauthorized access to sensitive financial data, which could lead to unjustified viewing and modification of accounting information that should remain confidential. The affected versions expose certain functions over the network, making it imperative for organizations to address this security gap to protect their financial integrity.",SAP,SAP Erp Financial Accounting (rfopenposting Fr),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-09-14T11:19:00.000Z,0
CVE-2021-21486,https://securityvulnerability.io/vulnerability/CVE-2021-21486,Authorization Check Flaw in SAP Enterprise Financial Services,"SAP Enterprise Financial Services versions 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, and 800 are susceptible to an authorization check flaw that permits unauthorized escalation of privileges for an authenticated user. This security lapse occurs due to inadequate verification of user permissions, potentially allowing malicious actors to gain higher access than intended, compromising system integrity and data confidentiality.",SAP,SAP Enterprise Financial Services (bank Customer Accounts),6.8,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2021-03-09T14:07:48.000Z,0
CVE-2020-6233,https://securityvulnerability.io/vulnerability/CVE-2020-6233,Missing Authorization Check in SAP S/4 HANA Financial Products Subledger and Banking Services,"In SAP S/4 HANA, specifically within the Financial Products Subledger and Banking Services, an issue exists that allows authenticated users to bypass essential authorization checks. This vulnerability enables these users to execute analysis reports without proper permissions, which can lead to a decline in system performance due to excessive resource consumption. It is crucial for organizations to secure their SAP environments against such risks to maintain operational integrity and ensure that user permissions are effectively enforced.",SAP,"SAP S/4 Hana (financial Products Subledger And Banking Services) (fSAPpl),SAP S/4 Hana (financial Products Subledger And Banking Services) (s4fpsl)",4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2020-04-14T18:34:47.000Z,0
CVE-2020-6214,https://securityvulnerability.io/vulnerability/CVE-2020-6214,Authorization Flaw in SAP S/4HANA Financial Products Subledger,"The vulnerability in SAP S/4HANA Financial Products Subledger arises from an incorrect authorization object utilized in certain reports. While other authorization objects may offer some level of protection, the exploitation of this flaw could allow an authenticated user to access, modify, or delete sensitive data. This compromises the essential segregation of duties within the system, leading to significant security concerns for organizations relying on this software.",SAP,SAP S/4hana (financial Products Subledger),4.7,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2020-04-14T18:05:32.000Z,0
CVE-2019-0370,https://securityvulnerability.io/vulnerability/CVE-2019-0370,XPath Injection Vulnerability in SAP Financial Consolidation Software,"The vulnerability arises from inadequate input validation in SAP Financial Consolidation, which affects versions prior to 10.0 and 10.1. Attackers may exploit this weakness by providing specially crafted input, disrupting the structure of queries and enabling unauthorized access to sensitive information or manipulation of data. This poses significant risks regarding data integrity and confidentiality.",SAP,SAP Financial Consolidation,6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2019-10-08T19:20:08.000Z,0
CVE-2019-0369,https://securityvulnerability.io/vulnerability/CVE-2019-0369,Reflected Cross-Site Scripting Vulnerability in SAP Financial Consolidation,"SAP Financial Consolidation versions prior to 10.0 and 10.1 are susceptible to reflected cross-site scripting due to improper encoding of user-controlled inputs. This vulnerability allows attackers to craft malicious files that, when uploaded, can execute harmful scripts. Exploiting this vulnerability may lead to unauthorized actions or data exposure, significantly impacting the security posture of organizations utilizing the affected versions.",SAP,SAP Financial Consolidation,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:19:11.000Z,0
CVE-2019-0280,https://securityvulnerability.io/vulnerability/CVE-2019-0280,Privilege Escalation in SAP Treasury and Risk Management by SAP,"SAP Treasury and Risk Management versions EA-FINSERV and S4CORE are affected by a vulnerability that lacks necessary authorization checks for critical authorization objects, specifically T_DEAL_DP and T_DEAL_PD. This oversight could allow unauthorized users to escalate their privileges, granting them access to sensitive financial data and operational capabilities they would not normally have. Organizations utilizing these versions should prioritize applying the updates provided by SAP to mitigate potential risks associated with this vulnerability.",SAP,"SAP Treasury And Risk Management(ea-finserv),SAP Enterprise Financial Services (s4core)",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2019-05-14T20:20:04.000Z,0
CVE-2019-0276,https://securityvulnerability.io/vulnerability/CVE-2019-0276,Authorization Check Flaw in SAP Banking Services,"An authorization check flaw exists in SAP Banking Services and SAP S/4HANA Financial Products Subledger, which can be exploited by authenticated users to escalate privileges. This vulnerability arises from inadequate validation of user permissions within the banking services, potentially allowing malicious actions that could affect system integrity and user data. It is essential for organizations using these products to apply necessary patches or mitigations to safeguard their systems from unauthorized access.",SAP,"Banking Services From SAP 9.0 (fSAPpl),SAP S/4hana Financial Products Subledger (s4fpsl)",8.8,HIGH,0.003490000031888485,false,,false,false,false,,,false,false,,2019-03-12T22:00:00.000Z,0
CVE-2018-2484,https://securityvulnerability.io/vulnerability/CVE-2018-2484,Authorization Flaw in SAP Enterprise Financial Services by SAP,"SAP Enterprise Financial Services has a vulnerability that allows authenticated users to bypass necessary authorization checks. This flaw can lead to unauthorized privilege escalation, potentially allowing an attacker to gain access to sensitive functionalities and data. It affects multiple versions of SAPSCORE, S4CORE, EA-FINSERV, and Bank/CFM products. Users and organizations utilizing these services must apply the relevant updates to mitigate this risk.",SAP,"SAP Enterprise Financial Services (SAPscore),SAP Enterprise Financial Services (s4core),SAP Enterprise Financial Services (ea-finserv),SAP Enterprise Financial Services (bank/cfm)",8.8,HIGH,0.002259999979287386,false,,false,false,false,,,false,false,,2019-01-08T20:00:00.000Z,0
CVE-2018-2499,https://securityvulnerability.io/vulnerability/CVE-2018-2499,Security Vulnerability in SAP Financial Consolidation Cube Designer by SAP,"A security vulnerability in SAP Financial Consolidation Cube Designer may allow attackers to exploit weaknesses in the system and retrieve the password hash of an administrative user. This flaw, present in versions 8.0 and 10.1, poses a potential risk to organizations by making it easier for unauthorized individuals to access sensitive administrative accounts. Organizations using these versions should apply relevant updates and patches to mitigate risks associated with this vulnerability.",SAP,SAP Financial Consolidation Cube Designer (bobj Eades),7.5,HIGH,0.0015899999998509884,false,,false,false,false,,,false,false,,2019-01-08T20:00:00.000Z,0
CVE-2018-2455,https://securityvulnerability.io/vulnerability/CVE-2018-2455,Privilege Escalation Vulnerability in SAP Enterprise Financial Services,"SAP Enterprise Financial Services versions 6.05, 6.06, 6.16, 6.17, 6.18, and 8.0 have a vulnerability that allows an authenticated user to bypass requisite authorization checks, leading to potential privilege escalation. This flaw could be exploited to gain unauthorized access and carry out operations beyond intended permissions.",SAP,SAP Enterprise Financial Services,8.8,HIGH,0.002259999979287386,false,,false,false,false,,,false,false,,2018-09-11T15:00:00.000Z,0
CVE-2018-2454,https://securityvulnerability.io/vulnerability/CVE-2018-2454,Authorization Flaw in SAP Enterprise Financial Services,"The SAP Enterprise Financial Services product versions 6.05, 6.06, 6.16, 6.17, 6.18, and 8.0 have been reported to lack proper authorization checks within the business function EAFS_BCA_BUSOPR_2. This vulnerability allows for authenticated users to escalate their privileges erroneously, potentially allowing unauthorized access to sensitive operations. Organizations using these affected versions are advised to apply relevant patches and review user permissions to mitigate this security risk.",SAP,SAP Enterprise Financial Services,8.8,HIGH,0.002259999979287386,false,,false,false,false,,,false,false,,2018-09-11T15:00:00.000Z,0
CVE-2018-2444,https://securityvulnerability.io/vulnerability/CVE-2018-2444,Cross-Site Scripting Vulnerability in SAP BusinessObjects Financial Consolidation,"SAP BusinessObjects Financial Consolidation versions 10.0 and 10.1 are vulnerable to Cross-Site Scripting due to insufficient encoding of user-controlled inputs. This weakness can be exploited by attackers to execute arbitrary scripts in the context of the user's browser, potentially leading to data theft, session hijacking, or other malicious activities. It is essential for users of the affected versions to apply recommended updates and security practices to mitigate the risks associated with this vulnerability.",SAP,SAP Businessobjects Financial Consolidation,6.1,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2018-08-14T16:00:00.000Z,0
CVE-2018-2419,https://securityvulnerability.io/vulnerability/CVE-2018-2419,Privilege Escalation in SAP Enterprise Financial Services by SAP,"The vulnerability involves a failure in SAP Enterprise Financial Services to enforce necessary authorization checks for authenticated users. This weakness can potentially allow attackers to escalate their privileges and gain unauthorized access to sensitive functionalities and data. The affected versions of SAP products include various iterations of SAPSCORE and EA-FINSERV, emphasizing the need for immediate patching and security measures to mitigate these risks.",SAP,"SAP Enterprise Financial Services (SAPscore),SAP Enterprise Financial Services (s4core),SAP Enterprise Financial Services (ea-finserv)",3.7,LOW,0.0009200000204145908,false,,false,false,false,,,false,false,,2018-05-09T20:00:00.000Z,0
CVE-2018-2381,https://securityvulnerability.io/vulnerability/CVE-2018-2381,SAP ERP Financials Information System Escalation of Privileges Vulnerability,"In SAP ERP Financials Information System, outdated authorization checks for authenticated users may allow for privilege escalation. This can enable malicious actors to gain elevated access rights, compromising the integrity and confidentiality of sensitive financial data. It is crucial for SAP users to apply relevant patches and assess their systems to mitigate the risk associated with this vulnerability.",SAP,SAP Erp Financials Information System,8.8,HIGH,0.002259999979287386,false,,false,false,false,,,false,false,,2018-02-14T12:00:00.000Z,0