Cross-Site Scripting Vulnerability in SAP CRM WebClient UI
CVE-2019-0244

5.4MEDIUM

Key Information:

Vendor

SAP
Status
SAP Crm Webclient Ui (SAPscore)
SAP Crm Webclient Ui (s4fnd)
SAP Crm Webclient Ui (webcuif)
Vendor
CVE Published:
8 January 2019

What is CVE-2019-0244?

The SAP CRM WebClient UI is susceptible to a Cross-Site Scripting (XSS) vulnerability due to inadequate encoding of user-controlled inputs. This flaw can allow attackers to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive information and user sessions. SAP has released fixes in various software versions, ensuring proper input handling to mitigate this risk.

Affected Version(s)

SAP CRM WebClient UI (S4FND) < 1.02

SAP CRM WebClient UI (SAPSCORE) < 1.12

SAP CRM WebClient UI (WEBCUIF) < 7.31 < 7.31

References

https://launchpad.support.sap.com/#/notes/2588763
x_refsource_MISC
http://www.securityfocus.com/bid/106473
vdb-entryx_refsource_BID
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-0244 : Cross-Site Scripting Vulnerability in SAP CRM WebClient UI