SAP CRM WebClient UI Vulnerability in Multiple Versions
CVE-2018-2364

6.1MEDIUM

Key Information:

Vendor
SAP
Status
SAP Crm Webclient Ui
S4fnd
Vendor
CVE Published:
14 February 2018

Summary

The SAP CRM WebClient UI versions 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, and S4FND 1.02 are susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper validation and encoding of hidden fields. This weakness could allow attackers to inject malicious scripts into web pages viewed by users, potentially compromising the integrity of user sessions and sensitive data.

Affected Version(s)

S4FND 1.02

SAP CRM WebClient UI 7.01

SAP CRM WebClient UI 7.31

References

http://www.securityfocus.com/bid/103002
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2541700
x_refsource_CONFIRM
https://blogs.sap.com/2018/02/13/sap-security-patch-day-f...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.