{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-37177","assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","state":"PUBLISHED","assignerShortName":"sap","dateReserved":"2024-06-04T07:49:42.492Z","datePublished":"2024-06-11T01:58:36.889Z","dateUpdated":"2024-08-02T03:50:55.219Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SAP Financial Consolidation","vendor":"SAP_SE","versions":[{"status":"affected","version":"FINANCE 1010"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"SAP Financial Consolidation allows data to enter\na Web application through an untrusted source. These endpoints are exposed over\nthe network and it allows the user to modify the content from the web site. On\nsuccessful exploitation, an attacker can cause significant impact to\nconfidentiality and integrity of the application.\n\n\n\n"}],"value":"SAP Financial Consolidation allows data to enter\na Web application through an untrusted source. These endpoints are exposed over\nthe network and it allows the user to modify the content from the web site. On\nsuccessful exploitation, an attacker can cause significant impact to\nconfidentiality and integrity of the application."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79: Improper Neutralization of Input During Web Page Generation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap","dateUpdated":"2024-06-11T01:58:36.889Z"},"references":[{"url":"https://me.sap.com/notes/3457592"},{"url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}],"source":{"discovery":"UNKNOWN"},"title":"Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"sap","product":"financial_consolidation","cpes":["cpe:2.3:a:sap:financial_consolidation:1010:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1010","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-11T17:51:55.904409Z","id":"CVE-2024-37177","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-11T17:52:04.447Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:50:55.219Z"},"title":"CVE Program Container","references":[{"url":"https://me.sap.com/notes/3457592","tags":["x_transferred"]},{"url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html","tags":["x_transferred"]}]}]}}