Cross-Site Scripting Vulnerability in SAP CRM Java Administration Console
CVE-2017-15294

6.1MEDIUM

Key Information:

Vendor

SAP
Status
Customer Relationship Management
Vendor
CVE Published:
16 October 2017

What is CVE-2017-15294?

The Java administration console within SAP CRM is susceptible to cross-site scripting (XSS) attacks, potentially allowing attackers to execute malicious scripts in the context of user sessions. This vulnerability emphasizes the need for proper input validation and output encoding to safeguard sensitive user data and maintain system integrity.

References

http://www.securityfocus.com/bid/99532
vdb-entryx_refsource_BID
https://erpscan.io/advisories/erpscan-17-035-xss-crm-admi...
x_refsource_MISC
https://blogs.sap.com/2017/07/11/sap-security-patch-day-j...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.