CVE-2019-0370

Sažetak

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.

Reference

https://launchpad.support.sap.com/#/notes/2806403
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

11-10-2019 - 13:27

Objavljeno

08-10-2019 - 20:15