Unrated severityNVD Advisory· Published Oct 8, 2019· Updated Aug 4, 2024

CVE-2019-0370

Description

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.

Affected products

Oracle Corporation/Financial Consolidation Hubllm-fuzzy
Range: before 10.0 and 10.1
SAP SE/SAP Financial Consolidationv5
Range: < 10.0

Patches

Vulnerability mechanics

References

launchpad.support.sap.commitrex_refsource_MISC
wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000