Sap: >> Customer Relationship Management >> 7.02 Security Vulnerabilities
CVE-2018-2380
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
Known exploited
CVSS Score
6.6
EPSS Score
0.453
Published
2018-03-01
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.
CVSS Score
5.0
EPSS Score
0.005
Published
2014-02-14
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
CVSS Score
10.0
EPSS Score
0.013
Published
2013-12-13