Cross-Site Scripting Vulnerability in SAP CRM WebClient UI
CVE-2023-24525

4.3MEDIUM

Key Information:

Vendor: SAP
Status: Crm (webclient Ui)
Vendor: CVE Published:; 14 February 2023

Summary

The SAP CRM WebClient UI versions WEBCUIF 748, 800, 801, and S4FND 102, 103 exhibit inadequate encoding of user input, leading to a Cross-Site Scripting (XSS) vulnerability. This flaw enables authenticated attackers to execute arbitrary scripts in the context of a victim's browser session, potentially compromising sensitive information and affecting the confidentiality of the application in limited ways. Users are advised to apply the latest patches and follow best practices for securing their environments.

Affected Version(s)

CRM (WebClient UI) WEBCUIF 748

CRM (WebClient UI) 800

CRM (WebClient UI) 801

References

https://launchpad.support.sap.com/#/notes/2788178

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Jan 25, 2023