PT-2022-25773 · SAP · SAP Financial Consolidation
Published 2022-11-08 · Updated 2022-12-09 · CVE-2022-41260
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SAP Financial Consolidation version 1010
Description
The issue arises from insufficient encoding of user-controlled input, allowing an unauthenticated attacker to inject a web script via a GET request. Successful exploitation can lead to an attacker viewing or modifying information, resulting in a limited impact on the confidentiality and integrity of the application.
Recommendations
For SAP Financial Consolidation version 1010, update to a version that sufficiently encodes user-controlled input to prevent web script injection via GET requests. As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
SAP Financial Consolidation