XPath Injection Vulnerability in SAP Financial Consolidation (Versions 10.0 and 10.1)

CVE-2019-0370 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.

Learn more about our Web Application Penetration Testing UK.