CVE-2019-0369
CVE-2019-0369
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
08 Oct 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.
Affected products
SAP SE · SAP Financial ConsolidationWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →