{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T21:40:57.491","vulnerabilities":[{"cve":{"id":"CVE-2024-37178","sourceIdentifier":"cna@sap.com","published":"2024-06-11T02:15:09.487","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SAP Financial Consolidation does not\nsufficiently encode user-controlled inputs, resulting in Cross-Site Scripting\n(XSS) vulnerability. These endpoints are exposed over the network. The\nvulnerability can exploit resources beyond the vulnerable component. On\nsuccessful exploitation, an attacker can cause limited impact to\nconfidentiality of the application."},{"lang":"es","value":"SAP Financial Consolidation no codifica suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS). Estos endpoints están expuestos a través de la red. La vulnerabilidad puede explotar recursos más allá del componente vulnerable. Si la explotación tiene éxito, un atacante puede causar un impacto limitado en la confidencialidad de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://me.sap.com/notes/3457592","source":"cna@sap.com"},{"url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html","source":"cna@sap.com"},{"url":"https://me.sap.com/notes/3457592","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}