CVE-2019-0370
CVE-2019-0370
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
08 Oct 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
Affected products
SAP SE · SAP Financial ConsolidationWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →