SAP CRM WebClient Authentication Vulnerability Allows Escalation of Privileges
CVE-2024-37175

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Crm Webclient Ui
Vendor: CVE Published:; 9 July 2024

Summary

SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.

Affected Version(s)

SAP CRM WebClient UI S4FND 102

SAP CRM WebClient UI S4FND 103

SAP CRM WebClient UI S4FND 104

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3467377

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024
Vulnerability Reserved
Jun 4, 2024