CVE-2019-0369

Name of the Vulnerable Software and Affected Versions SAP Financial Consolidation versions prior to 10.0 SAP Financial Consolidation version 10.1

Description The issue is related to insufficient encoding of user-controlled inputs, allowing an attacker to execute scripts by uploading files containing malicious scripts. This leads to a reflected cross-site scripting vulnerability. The vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks due to the lack of input data cleansing measures.

Recommendations For SAP Financial Consolidation versions prior to 10.0, update to version 10.0 or later to resolve the issue. For SAP Financial Consolidation version 10.1, update to a version later than 10.1 to resolve the issue. As a temporary workaround, consider restricting the upload of files to prevent the execution of malicious scripts until a patch is available.