Vulnerability Details CVE-2023-27897
In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.4%
CVSS Severity
CVSS v3 Score 6.0
References
Products affected by CVE-2023-27897
-
cpe:2.3:a:sap:customer_relationship_management:700
-
cpe:2.3:a:sap:customer_relationship_management:701
-
cpe:2.3:a:sap:customer_relationship_management:702
-
cpe:2.3:a:sap:customer_relationship_management:712
-
cpe:2.3:a:sap:customer_relationship_management:713