Unauthenticated User Can Modify SAP Financial Consolidation Maintenance System Message

Unauthenticated User Can Modify SAP Financial Consolidation Maintenance System Message

CVE-2022-26104 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.

Learn more about our User Device Pen Test.