CVE-2024-37178

{"id": "CVE-2024-37178", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}]}, "published": "2024-06-11T02:15:09.487", "references": [{"url": "https://me.sap.com/notes/3457592", "source": "cna@sap.com"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP Financial Consolidation does not\nsufficiently encode user-controlled inputs, resulting in Cross-Site Scripting\n(XSS) vulnerability. These endpoints are exposed over the network. The\nvulnerability can exploit resources beyond the vulnerable component. On\nsuccessful exploitation, an attacker can cause limited impact to\nconfidentiality of the application."}, {"lang": "es", "value": "SAP Financial Consolidation no codifica suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS). Estos endpoints est\u00e1n expuestos a trav\u00e9s de la red. La vulnerabilidad puede explotar recursos m\u00e1s all\u00e1 del componente vulnerable. Si la explotaci\u00f3n tiene \u00e9xito, un atacante puede causar un impacto limitado en la confidencialidad de la aplicaci\u00f3n."}], "lastModified": "2024-06-11T13:54:12.057", "sourceIdentifier": "cna@sap.com"}