SAP CRM WebClient Cross-Site Scripting Vulnerability
CVE-2024-37174

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Crm Webclient Ui
Vendor: CVE Published:; 9 July 2024

Summary

Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.

Affected Version(s)

SAP CRM WebClient UI S4FND 102

SAP CRM WebClient UI S4FND 103

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3467377

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 9, 2024
Vulnerability Reserved
Jun 4, 2024