CVE-2019-0370
N/A
N/A
Summary
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Financial Consolidation | < 10.0 | affected |
| SAP SE | SAP Financial Consolidation | < 10.1 | affected |
Weaknesses
- Others
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
- https://launchpad.support.sap.com/#/notes/2806403
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
- https://launchpad.support.sap.com/#/notes/2806403
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.