SAP Financial Consolidation
By the Year
In 2024 there have been 0 vulnerabilities in SAP Financial Consolidation . Financial Consolidation did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 4 | 5.83 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 5.95 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Financial Consolidation vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP Financial Consolidation Security Vulnerabilities
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may
CVE-2022-41260
6.1 - Medium
- November 08, 2022
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
XSS
Due to insufficient input validation, SAP Financial Consolidation - version 1010
CVE-2022-41258
6.5 - Medium
- November 08, 2022
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application.
XSS
Due to insufficient input validation, SAP Financial Consolidation - version 1010
CVE-2022-41208
5.4 - Medium
- November 08, 2022
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application.
XSS
SAP Financial Consolidation - version 10.1
CVE-2022-26104
5.3 - Medium
- March 10, 2022
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.
AuthZ
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which
CVE-2019-0369
5.4 - Medium
- October 08, 2019
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.
XSS
Due to missing input validation
CVE-2019-0370
6.5 - Medium
- October 08, 2019
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
aka Blind XPath Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP Financial Consolidation or by SAP? Click the Watch button to subscribe.
