Vulnerability Details CVE-2019-0368
SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2019-0368
-
cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.0
-
cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.01
-
cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.02
-
cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.12
-
cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.13
-
cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.14
-
cpe:2.3:a:sap:customer_relationship_management_s4crm:1.0
-
cpe:2.3:a:sap:customer_relationship_management_s4crm:2.0