CVE-2019-0244

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 46.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP CRM Webclient UI (s4fnd)SAP SE SAP CRM Webclient UI (sapscore)SAP SE SAP CRM Webclient UI (webcuif)+3 more

Timeline

PublishedJan 8

Latest updateMay 14

Description

SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages6 packages

▶CVEListV5sap_se/sap_crm_webclient_ui_(s4fnd)< 1.02

▶CVEListV5sap_se/sap_crm_webclient_ui_(webcuif)< 7.31+5

▶CVEListV5sap_se/sap_crm_webclient_ui_(sapscore)< 1.12

▶NVDsap/s4fnd1.02

▶NVDsap/sapscore1.12

🔴Vulnerability Details

GHSA

GHSA-57w8-fx56-9mg4: SAP CRM WebClient UI (fixed in SAPSCORE 1↗2022-05-14

▶

CVEList

CVE-2019-0244: SAP CRM WebClient UI (fixed in SAPSCORE 1↗2019-01-08

▶