SAP Financial Consolidation, before versions 10.0 XML Injection (aka Blind XPath Injection) Vulnerability

Summary

SAP Financial Consolidation, before versions 10.0 suffers from xml injection (aka Blind XPath Injection) vulnerability 

Credit:

The information has been provided by Vendor

The original article can be found at:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050

 


Details

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.

Vulnerable Systems:

SAP Financial Consolidation, before versions 10.0 

CVE Information:

CVE-2019-0370

Disclosure Timeline:
Published Date:10/08/2019