CVE-2024-37177

Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

CVSS 8.1 HIGHEPSS 0.4%CWE-79

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.1EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 jun 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and integrity of the application.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Produtos afetados

SAP_SE · SAP Financial Consolidation

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://me.sap.com/notes/3457592 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html