Vulnerability Details CVE-2024-37173
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser, giving the attacker the ability to access and/or modify information with no effect on availability of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.4%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2024-37173
- cpe:2.3:a:sap:customer_relationship_management_s4fnd:102
- cpe:2.3:a:sap:customer_relationship_management_s4fnd:103
- cpe:2.3:a:sap:customer_relationship_management_s4fnd:104
- cpe:2.3:a:sap:customer_relationship_management_s4fnd:105
- cpe:2.3:a:sap:customer_relationship_management_s4fnd:106
- cpe:2.3:a:sap:customer_relationship_management_s4fnd:107
- cpe:2.3:a:sap:customer_relationship_management_s4fnd:108
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:701
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:731
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:746
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:747
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:748
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:800
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:801