Vulnerability CVE-2024-37178


Published: 2024-06-11

Description:
SAP Financial Consolidation does not
sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting
(XSS) vulnerability. These endpoints are exposed over the network. The
vulnerability can exploit resources beyond the vulnerable component. On
successful exploitation, an attacker can cause limited impact to
confidentiality of the application.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://me.sap.com/notes/3457592
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

Copyright 2026, cxsecurity.com

 

Back to Top