SAP CRM WebClient Authentication Vulnerability Allows Escalation of Privileges

CVE-2024-37175

6.5MEDIUM

Key Information

Vendor: SAP
Status: SAP Crm Webclient Ui
Vendor: CVE Published:; 9 July 2024

Summary

SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.

Affected Version(s)

SAP CRM WebClient UI = S4FND 102

SAP CRM WebClient UI = S4FND 103

SAP CRM WebClient UI = S4FND 104

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 9, 2024
Vulnerability Reserved.
Jun 4, 2024

Collectors

NVD DatabaseMitre Database