SAP CRM WebClient UI vulnerable to Cross-Site Scripting
CVE-2024-22130

7.6 HIGH

Key Information:

Vendor

SAP

CVE Published:
13 February 2024

What is CVE-2024-22130?

The Print preview feature in SAP CRM WebClient UI fails to properly encode user inputs, resulting in a Cross-Site Scripting vulnerability. An attacker with minimal privileges who exploits this flaw can manipulate application data, putting data confidentiality and integrity at risk. Affected versions include multiple releases of the S4FND and WEBCUIF components.

Affected Version(s)

SAP CRM WebClient UI S4FND 102

SAP CRM WebClient UI S4FND 103

SAP CRM WebClient UI S4FND 104

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
