CVE-2019-0244

Summary

SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP CRM WebClient UI (SAPSCORE)< 1.12affected
SAP SESAP CRM WebClient UI (S4FND)< 1.02affected
SAP SESAP CRM WebClient UI (WEBCUIF)< 7.31affected
SAP SESAP CRM WebClient UI (WEBCUIF)< 7.46affected
SAP SESAP CRM WebClient UI (WEBCUIF)< 7.47affected
SAP SESAP CRM WebClient UI (WEBCUIF)< 7.48affected
SAP SESAP CRM WebClient UI (WEBCUIF)< 8.0affected
SAP SESAP CRM WebClient UI (WEBCUIF)< 8.01affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References