Lucene search

[email protected]CVE-2024-37178

HistoryJun 11, 2024 - 2:15 a.m.

CVE-2024-37178

2024-06-1102:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-37178

sap financial consolidation

cross-site scripting

network exposure

limited impact

confidentiality

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

SAP Financial Consolidation does not
sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting
(XSS) vulnerability. These endpoints are exposed over the network. The
vulnerability can exploit resources beyond the vulnerable component. On
successful exploitation, an attacker can cause limited impact to
confidentiality of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Financial Consolidation",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "FINANCE 1010"
      }
    ]
  }
]

References

me.sap.com/notes/3457592

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-37178

vulnrichment1 nvd1 cvelist1