CVE-2019-0368

Summary

SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Customer Relationship Management (Email Management - S4CRM)< 1.0affected
SAP SESAP Customer Relationship Management (Email Management - S4CRM)< 2.0affected
SAP SESAP Customer Relationship Management (Email Management - BBPCRM)< 7.0affected
SAP SESAP Customer Relationship Management (Email Management - BBPCRM)< 7.01affected
SAP SESAP Customer Relationship Management (Email Management - BBPCRM)< 7.02affected
SAP SESAP Customer Relationship Management (Email Management - BBPCRM)< 7.12affected
SAP SESAP Customer Relationship Management (Email Management - BBPCRM)< 7.13affected
SAP SESAP Customer Relationship Management (Email Management - BBPCRM)< 7.14affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References