Financial Consolidation Hub

CVEs (8)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2022-41260	Oracle Corporation Financial Consolidation Hub	—	0.00	Nov 8, 2022	SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on…
CVE-2022-41208	Oracle Corporation Financial Consolidation Hub	—	0.00	Nov 8, 2022	Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on…
CVE-2022-41258	Oracle Corporation Financial Consolidation Hub	—	0.00	Nov 8, 2022	Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information…
CVE-2022-31595	Oracle Corporation Financial Consolidation Hub	—	0.01	Jun 14, 2022	SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2022-26104	Oracle Corporation Financial Consolidation Hub	—	0.01	Mar 8, 2022	SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.
CVE-2019-0370	Oracle Corporation Financial Consolidation Hub	—	0.01	Oct 8, 2019	Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
CVE-2019-0369	Oracle Corporation Financial Consolidation Hub	—	0.01	Oct 8, 2019	SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.
CVE-2016-0538	Oracle Corporation Financial Consolidation Hub	—	0.02	Jan 21, 2016	Unspecified vulnerability in the Oracle Financial Consolidation Hub component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Business Intelligence.

CVE-2022-41260Nov 8, 2022
Oracle Corporation
Financial Consolidation Hub
risk 0.00cvss —epss 0.00
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on…
CVE-2022-41208Nov 8, 2022
Oracle Corporation
Financial Consolidation Hub
risk 0.00cvss —epss 0.00
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on…
CVE-2022-41258Nov 8, 2022
Oracle Corporation
Financial Consolidation Hub
risk 0.00cvss —epss 0.00
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information…
CVE-2022-31595Jun 14, 2022
Oracle Corporation
Financial Consolidation Hub
risk 0.00cvss —epss 0.01
SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2022-26104Mar 8, 2022
Oracle Corporation
Financial Consolidation Hub
risk 0.00cvss —epss 0.01
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.
CVE-2019-0370Oct 8, 2019
Oracle Corporation
Financial Consolidation Hub
risk 0.00cvss —epss 0.01
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
CVE-2019-0369Oct 8, 2019
Oracle Corporation
Financial Consolidation Hub
risk 0.00cvss —epss 0.01
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.
CVE-2016-0538Jan 21, 2016
Oracle Corporation
Financial Consolidation Hub
risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Financial Consolidation Hub component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Business Intelligence.