Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
SAP Financial Consolidation 跨站脚本漏洞
Vulnerability Description
SAP Financial Consolidation是德国思爱普(SAP)公司的一套财务报表解决方案。该产品主要用于自动化公司间对账和抵销、货币换算并提供财务报表生成等功能。 SAP Financial Consolidation 1010版本存在跨站脚本漏洞,该漏洞源于其对输入验证不足允许经过身份验证的攻击者在Web管理控制台中运行公共查询时注入恶意脚本。一旦成功利用,攻击者可以查看或修改信息,对应用程序的机密性、完整性和可用性造成有限的影响。
CVSS Information
N/A
Vulnerability Type
N/A