CVE-2023-27897

CWE-94 — Code Injection3 documents3 sources

Severity

6.3MEDIUM

EPSS

2.5%

top 14.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP CRM SAP Customer Relationship Management

Timeline

PublishedApr 11

Description

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.7

Affected Packages2 packages

▶CVEListV5sap/crm5 versions+4

▶NVDsap/customer_relationship_management5 versions+4

🔴Vulnerability Details

CVEList

Code Injection vulnerability in SAP CRM↗2023-04-11

▶

GHSA

GHSA-5558-5q6p-4jgw: In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authoriza↗2023-04-11

▶