CVE-2024-37175

Summary

SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP CRM WebClient UIS4FND 102affected
SAP_SESAP CRM WebClient UIS4FND 103affected
SAP_SESAP CRM WebClient UIS4FND 104affected
SAP_SESAP CRM WebClient UIS4FND 105affected
SAP_SESAP CRM WebClient UIS4FND 106affected
SAP_SESAP CRM WebClient UIS4FND 107affected
SAP_SESAP CRM WebClient UIS4FND 108affected
SAP_SESAP CRM WebClient UIWEBCUIF 701affected
SAP_SESAP CRM WebClient UIWEBCUIF 731affected
SAP_SESAP CRM WebClient UIWEBCUIF 746affected
SAP_SESAP CRM WebClient UIWEBCUIF 747affected
SAP_SESAP CRM WebClient UIWEBCUIF 748affected
SAP_SESAP CRM WebClient UIWEBCUIF 800affected
SAP_SESAP CRM WebClient UIWEBCUIF 801affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References