PT-2019-4329 · Sap · Sap Financial Consolidation

Publicado

2019-10-08

Atualizado

2019-10-10

CVE-2019-0369

CVSS v2.0

5.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions SAP Financial Consolidation versions prior to 10.0 SAP Financial Consolidation version 10.1

Description The issue is related to insufficient encoding of user-controlled inputs, allowing an attacker to execute scripts by uploading files containing malicious scripts. This leads to a reflected cross-site scripting vulnerability. The vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks due to the lack of input data cleansing measures.

Recommendations For SAP Financial Consolidation versions prior to 10.0, update to version 10.0 or later to resolve the issue. For SAP Financial Consolidation version 10.1, update to a version later than 10.1 to resolve the issue. As a temporary workaround, consider restricting the upload of files to prevent the execution of malicious scripts until a patch is available.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2020-00044

CVE-2019-0369

Produtos afetados

Sap Financial Consolidation

PT-2019-4329 · Sap · Sap Financial Consolidation

CVE-2019-0369

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5