CVE-2019-0370

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:financial_consolidation:10.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:financial_consolidation:10.1:*:*:*:*:*:*:*

History

21 Nov 2024, 04:16

Type Values Removed Values Added
References () https://launchpad.support.sap.com/#/notes/2806403 - Permissions Required () https://launchpad.support.sap.com/#/notes/2806403 - Permissions Required
References () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050 - Vendor Advisory () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050 - Vendor Advisory

Information

Published : 2019-10-08 20:15

Updated : 2024-11-21 04:16


NVD link : CVE-2019-0370

Mitre link : CVE-2019-0370

CVE.ORG link : CVE-2019-0370


JSON object : View

Products Affected

sap

  • financial_consolidation
CWE
CWE-91

XML Injection (aka Blind XPath Injection)