CVE-2019-0370

medium

Description

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050

https://launchpad.support.sap.com/#/notes/2806403

Details

Source: Mitre, NVD

Published: 2019-10-08

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.0034