CVE-2019-0370

Summary

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Financial Consolidation< 10.0affected
SAP SESAP Financial Consolidation< 10.1affected

Weaknesses

  • Others

ADP Enrichment

CVE Program Container

Additional References

References