Vulnerability in CRM Blueprint Application Builder Panel Could Allow for Information Access

CVE-2024-45279

6.1MEDIUM

Key Information

Vendor: SAP
Status: SAP Netweaver Application Server For Abap (crm Blueprint Application Builder Panel)
Vendor: CVE Published:; 10 September 2024

Summary

Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.

Affected Version(s)

SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) = 700

SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) = 701

SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) = 702

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Sep 10, 2024
Vulnerability Reserved.
Aug 26, 2024

Collectors

NVD DatabaseMitre Database