Vulnerability Details CVE-2024-34686
Due to insufficient input validation, SAP CRM
WebClient UI allows an unauthenticated attacker to craft a URL link which
embeds a malicious script. When a victim clicks on this link, the script will
be executed in the victim's browser giving the attacker the ability to access
and/or modify information with no effect on availability of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.0%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2024-34686
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:103
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:104
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:105
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:106
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:107
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:701
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:730
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:731
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:746
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:747
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:748
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:800
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:801
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:s4fnd_102
-
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:webcuif_700