CVE-2023-29189

Summary

SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields

Affected Software

VendorProductVersion RangeStatus
SAPCRM (WebClient UI)S4FND 102affected
SAPCRM (WebClient UI)S4FND 103affected
SAPCRM (WebClient UI)S4FND 104affected
SAPCRM (WebClient UI)S4FND 105affected
SAPCRM (WebClient UI)S4FND 106affected
SAPCRM (WebClient UI)S4FND 107affected
SAPCRM (WebClient UI)WEBCUIF 700affected
SAPCRM (WebClient UI)WEBCUIF 701affected
SAPCRM (WebClient UI)WEBCUIF 731affected
SAPCRM (WebClient UI)WEBCUIF 730affected
SAPCRM (WebClient UI)WEBCUIF 746affected
SAPCRM (WebClient UI)WEBCUIF 747affected
SAPCRM (WebClient UI)WEBCUIF 748affected
SAPCRM (WebClient UI)WEBCUIF 800affected
SAPCRM (WebClient UI)WEBCUIF 801affected

Weaknesses

  • CWE-23: CWE-23: Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References