Sap: >> Customer Relationship Management S4fnd >> 108 Security Vulnerabilities
SAP CRM WebClient does not
perform necessary authorization check for an authenticated user, resulting in
escalation of privileges. This could allow an attacker to access some sensitive
information.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-07-09
SAP CRM (WebClient UI Framework) allows an
authenticated attacker to enumerate accessible HTTP endpoints in the internal
network by specially crafting HTTP requests. On successful exploitation this
can result in information disclosure. It has no impact on integrity and
availability of the application.
CVSS Score
5.0
EPSS Score
0.001
Published
2024-07-09
Custom CSS support option in SAP CRM WebClient
UI does not sufficiently encode user-controlled inputs resulting in Cross-Site
Scripting vulnerability. On successful exploitation an attacker can cause
limited impact on confidentiality and integrity of the application.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-07-09
Due to insufficient input validation, SAP
CRM WebClient UI allows an unauthenticated attacker to craft a URL link which
embeds a malicious script. When a victim clicks on this link, the script will
be executed in the victim's browser giving the attacker the ability to access
and/or modify information with no effect on availability of the application.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-07-09