CVE-2019-0370
MEDIUM
SAP Financial Consolidation <10.0-10.1 - XPath Injection
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2806403
Scores
CVSS v3
6.5
EPSS
0.0072
EPSS Percentile
48.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-91
Status
published
Products (2)
sap/financial_consolidation
10.0
sap/financial_consolidation
10.1
Published
Oct 08, 2019
Tracked Since
Feb 18, 2026