PT-2022-25772 · SAP · SAP Financial Consolidation

Published: 2022-11-08 · Updated: 2022-12-21 · CVE-2022-41258

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

SAP Financial Consolidation version 1010

Description

The issue is due to insufficient input validation, allowing an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information, causing a limited impact on confidentiality, integrity, and availability of the application.

Recommendations

For SAP Financial Consolidation version 1010, consider disabling the Web Administration Console or restricting access to it until a patch is available. As a temporary workaround, limit the ability to run common queries in the console to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-41258

Affected Products

SAP Financial Consolidation