PT-2019-1770 · Sap · Sap Disclosure Management

Published: 2019-02-12 · Updated: 2019-02-20 · CVE-2019-0254

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP Disclosure Management versions prior to 10.1 Stack 1301

Description

The issue is related to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. This vulnerability is associated with a lack of protection for the web page structure, which could allow a remote attacker to gain unauthorized access to protected information.

Recommendations

For versions prior to 10.1 Stack 1301, update to version 10.1 Stack 1301 or later to resolve the issue. As a temporary workaround, consider restricting access to the SAP Disclosure Management application until the update is applied.

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2019-01414
CVE-2019-0254

Affected Products

Sap Disclosure Management