// For flags

CVE-2024-37177

Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

SAP Financial Consolidation allows data to enter
a Web application through an untrusted source. These endpoints are exposed over
the network and it allows the user to modify the content from the web site. On
successful exploitation, an attacker can cause significant impact to
confidentiality and integrity of the application.

SAP Financial Consolidation permite que los datos ingresen a una aplicación web a través de una fuente que no es de confianza. Estos endpoints están expuestos a través de la red y permiten al usuario modificar el contenido del sitio web. Si la explotación tiene éxito, un atacante puede causar un impacto significativo en la confidencialidad y la integridad de la aplicación.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-06-04 CVE Reserved
  • 2024-06-11 CVE Published
  • 2024-06-11 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
SAP SE
Search vendor "SAP SE"
 SAP Financial Consolidation
Search vendor "SAP SE" for product "SAP Financial Consolidation"
 1010
Search vendor "SAP SE" for product "SAP Financial Consolidation" and version "1010"
en
Affected