CVE-2019-0370

Name of the Vulnerable Software and Affected Versions SAP Financial Consolidation versions prior to 10.0 SAP Financial Consolidation version 10.1

Description The issue is related to errors in processing XML requests in the SAP Financial Consolidation web application. It allows a remote attacker to conduct an XPath injection attack due to missing input validation. This enables the attacker to interfere with the structure of the surrounding query using crafted input.

Recommendations For SAP Financial Consolidation versions prior to 10.0, update to version 10.0 or later to resolve the issue. For SAP Financial Consolidation version 10.1, update to a version later than 10.1 to resolve the issue. As a temporary workaround, consider restricting input validation to minimize the risk of exploitation.