financial consolidation vulnerabilities and exploits

(subscribe to this query)

5

CVSSv2

Unspecified vulnerability in the Oracle Financial Consolidation Hub component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote malicious users to affect confidentiality via unknown vectors related to Business Intelligence.

Oracle Financial Consolidation Hub 12.1.3 Oracle Financial Consolidation Hub 12.1.2 Oracle Financial Consolidation Hub 12.1.1 Oracle Financial Consolidation Hub 11.5.10.2

3.5

CVSSv2

SAP Financial Consolidation, prior to 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an malicious user to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.

Sap Financial Consolidation 10.0 Sap Financial Consolidation 10.1

6.4

CVSSv2

Due to missing input validation, SAP Financial Consolidation, prior to 10.0 and 10.1, enables an malicious user to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.

Sap Financial Consolidation 10.0 Sap Financial Consolidation 10.1

4.3

CVSSv2

SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Sap Businessobjects Financial Consolidation 10.1 Sap Businessobjects Financial Consolidation 10.0

5

CVSSv2

A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an malicious user to discover the password hash of an admin user.

Sap Financial Consolidation Cube Designer 10.1 Sap Financial Consolidation Cube Designer Bobj Eades 8.0

1 Article

NA

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated malicious user to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify informatio...

Sap Financial Consolidation 1010

NA

SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated malicious user to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impa...

Sap Financial Consolidation 1010

5

CVSSv2

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.

Sap Financial Consolidation 10.1

NA

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidential...

Sap Financial Consolidation 1010

4.3

CVSSv2

Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation prior to 2017-06-13, aka SAP Security Note 2422292.

Sap Businessobjects Financial Consolidation -

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook