SAP CRM WebClient UI Vulnerability Allows Unauthenticated Attacker to Execute Malicious Scripts
CVE-2024-37173

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Crm Webclient Ui
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-37173?

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.

Affected Version(s)

SAP CRM WebClient UI S4FND 102

SAP CRM WebClient UI S4FND 103

SAP CRM WebClient UI S4FND 104

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3467377

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024
Vulnerability Reserved
Jun 4, 2024