CVE-2024-37175

CWE-862 — Missing Authorization3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 46.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP CRM Webclient UI SAP Customer Relationship Management S4fnd SAP Customer Relationship Management Webclient UI

Timeline

PublishedJul 9

Description

SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5sap_se/sap_crm_webclient_ui14 versions+13

▶NVDsap/customer_relationship_management_webclient_ui7 versions+6

▶NVDsap/customer_relationship_management_s4fnd7 versions+6

🔴Vulnerability Details

CVEList

[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)↗2024-07-09

▶

GHSA

GHSA-m36r-6gcp-p7p5: SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges↗2024-07-09

▶