CVE-2023-29189

CWE-233 documents3 sources
Severity: 5.4 MEDIUM
EPSS: 0.5% (top 36.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 11

Description

SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages: 3 packages

Vulnerability Details (2)

GHSA (2023-04-11): GHSA-w474-j546-fcg4: SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated at
CVEList (2023-04-11): HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)