Vulnerability in CRM Blueprint Application Builder Panel Could Allow for Information Access
CVE-2024-45279

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server For Abap (crm Blueprint Application Builder Panel)
Vendor: CVE Published:; 10 September 2024

Summary

Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.

Affected Version(s)

SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) 700

SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) 701

SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) 702

References

https://me.sap.com/notes/3501359

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 26, 2024