SAP CRM WebClient Authentication Vulnerability Allows Escalation of Privileges
CVE-2024-37175

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Crm Webclient Ui
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-37175?

SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP CRM WebClient UI S4FND 102

SAP CRM WebClient UI S4FND 103

SAP CRM WebClient UI S4FND 104

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3467377

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024
Vulnerability Reserved
Jun 4, 2024

JSON

SAP