CVE-2022-26104

Name of the Vulnerable Software and Affected Versions SAP Financial Consolidation version 10.1

Description The issue is related to the lack of necessary authorization checks for updating homepage messages. This allows an unauthorized user to alter the maintenance system message.

Recommendations For SAP Financial Consolidation version 10.1, consider restricting access to the homepage message update functionality until a proper authorization check is implemented to prevent unauthorized alterations. As a temporary workaround, limit the ability of unauthorized users to modify the maintenance system message. At the moment, there is no information about a newer version that contains a fix for this vulnerability.