CVE-2019-0369

Summary

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Financial Consolidation< 10.0affected
SAP SESAP Financial Consolidation< 10.1affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References