Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
SAP Financial Consolidation 跨站脚本漏洞
Vulnerability Description
SAP Financial Consolidation是德国思爱普(SAP)公司的一套财务报表解决方案。该产品主要用于自动化公司间对账和抵销、货币换算并提供财务报表生成等功能。 SAP Financial Consolidation 1010版本存在跨站脚本漏洞,该漏洞源于其对输入验证不足导致允许具有用户权限的身份验证攻击者更改当前用户会话。成功利用后,攻击者可以查看或修改信息,对应用程序的机密性和完整性造成有限的影响。
CVSS Information
N/A
Vulnerability Type
N/A