Lucene search

SapVULNRICHMENT:CVE-2024-37177

HistoryJun 11, 2024 - 1:58 a.m.

CVE-2024-37177 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

2024-06-1101:58:36

CWE-79

sap

github.com

cve-2024-37177

cross-site scripting

sap financial consolidation

untrusted source

network exposure

data modification

confidentiality impact

integrity impact

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

SAP Financial Consolidation allows data to enter
a Web application through an untrusted source. These endpoints are exposed over
the network and it allows the user to modify the content from the web site. On
successful exploitation, an attacker can cause significant impact to
confidentiality and integrity of the application.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:sap:financial_consolidation:1010:*:*:*:*:*:*:*"
    ],
    "vendor": "sap",
    "product": "financial_consolidation",
    "versions": [
      {
        "status": "affected",
        "version": "1010"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

me.sap.com/notes/3457592

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-37177