SAP Financial Consolidation

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in SAP Financial Consolidation.

By the Year

In 2026 there have been 1 vulnerability in SAP Financial Consolidation with an average score of 4.3 out of ten. Last year, in 2025 Financial Consolidation had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Financial Consolidation in 2026 could surpass last years number. Last year, the average CVE base score was greater by 5.50

Year	Vulnerabilities	Average Score
2026	1	4.30
2025	1	9.80
2024	2	0.00
2023	0	0.00
2022	4	5.83
2021	0	0.00
2020	0	0.00
2019	2	5.95

It may take a day or so for new Financial Consolidation vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent SAP Financial Consolidation Security Vulnerabilities

SAP Financial Consolidation Authenticated Session Termination
CVE-2026-40136 4.3 - Medium - May 12, 2026

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity of the data

Improper Resource Shutdown or Release

Unauthorized Admin Access via Improper Auth in SAP Financial Consolidation
CVE-2025-30016 9.8 - Critical - April 08, 2025

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application.

Storage of Sensitive Data in a Mechanism without Access Control

SAP Financial Consolidation XSS via insufficient input encoding
CVE-2024-37178 - June 11, 2024

SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can exploit resources beyond the vulnerable component. On successful exploitation, an attacker can cause limited impact to confidentiality of the application.

XSS

SAP Fin. Consolidation Untrusted Web Input Allows Site Modification
CVE-2024-37177 - June 11, 2024

SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and integrity of the application.

XSS

SAP Financial Consolidation XSS via GET param Unauth Web Script Injection
CVE-2022-41260 6.1 - Medium - November 08, 2022

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

XSS

Script Injection in SAP Finance Consolidation Web Admin Console
CVE-2022-41258 6.5 - Medium - November 08, 2022

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application.

XSS

SAP Financial Consolidation session hijacking via input validation flaw
CVE-2022-41208 5.4 - Medium - November 08, 2022

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application.

XSS

SAP Financial Consolidation - version 10.1
CVE-2022-26104 5.3 - Medium - March 10, 2022

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.

AuthZ

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which
CVE-2019-0369 5.4 - Medium - October 08, 2019

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.

XSS

Due to missing input validation
CVE-2019-0370 6.5 - Medium - October 08, 2019

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.

aka Blind XPath Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for SAP Financial Consolidation or by SAP? Click the Watch button to subscribe.

SAP
Vendor

SAP Financial Consolidation
Product

SAP Financial Consolidation

Don't miss out!

By the Year

Recent SAP Financial Consolidation Security Vulnerabilities

SAP Financial Consolidation Authenticated Session Termination CVE-2026-40136 4.3 - Medium - May 12, 2026

Unauthorized Admin Access via Improper Auth in SAP Financial Consolidation CVE-2025-30016 9.8 - Critical - April 08, 2025

SAP Financial Consolidation XSS via insufficient input encoding CVE-2024-37178 - June 11, 2024

SAP Fin. Consolidation Untrusted Web Input Allows Site Modification CVE-2024-37177 - June 11, 2024

SAP Financial Consolidation XSS via GET param Unauth Web Script Injection CVE-2022-41260 6.1 - Medium - November 08, 2022

Script Injection in SAP Finance Consolidation Web Admin Console CVE-2022-41258 6.5 - Medium - November 08, 2022

SAP Financial Consolidation session hijacking via input validation flaw CVE-2022-41208 5.4 - Medium - November 08, 2022

SAP Financial Consolidation - version 10.1 CVE-2022-26104 5.3 - Medium - March 10, 2022

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which CVE-2019-0369 5.4 - Medium - October 08, 2019

Due to missing input validation CVE-2019-0370 6.5 - Medium - October 08, 2019