CVE-2026-44768
4.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Summary
SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy (CSP) configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application. Confidentiality and availability are not impacted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP CRM (WebClient UI) | S4FND 104 | affected |
| SAP_SE | SAP CRM (WebClient UI) | 105 | affected |
| SAP_SE | SAP CRM (WebClient UI) | 106 | affected |
Weaknesses
- CWE-15: CWE-15: External Control of System or Configuration Setting
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.