CVE-2023-24525

Summary

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.

Affected Software

VendorProductVersion RangeStatus
SAPCRM (WebClient UI)WEBCUIF 748affected
SAPCRM (WebClient UI)800affected
SAPCRM (WebClient UI)801affected
SAPCRM (WebClient UI)S4FND 102affected
SAPCRM (WebClient UI)103affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References