CVE-2024-37173
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP CRM WebClient UI | S4FND 102 | affected |
| SAP_SE | SAP CRM WebClient UI | S4FND 103 | affected |
| SAP_SE | SAP CRM WebClient UI | S4FND 104 | affected |
| SAP_SE | SAP CRM WebClient UI | S4FND 105 | affected |
| SAP_SE | SAP CRM WebClient UI | S4FND 106 | affected |
| SAP_SE | SAP CRM WebClient UI | S4FND 107 | affected |
| SAP_SE | SAP CRM WebClient UI | S4FND 108 | affected |
| SAP_SE | SAP CRM WebClient UI | WEBCUIF 701 | affected |
| SAP_SE | SAP CRM WebClient UI | WEBCUIF 731 | affected |
| SAP_SE | SAP CRM WebClient UI | WEBCUIF 746 | affected |
| SAP_SE | SAP CRM WebClient UI | WEBCUIF 747 | affected |
| SAP_SE | SAP CRM WebClient UI | WEBCUIF 748 | affected |
| SAP_SE | SAP CRM WebClient UI | WEBCUIF 800 | affected |
| SAP_SE | SAP CRM WebClient UI | WEBCUIF 801 | affected |
Weaknesses
- CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.