SAP Customer Relationship Management vulnerabilities

7 known vulnerabilities affecting sap/customer_relationship_management.

Total CVEs: 7
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2023-27897 | MEDIUM | CVSS 6.3 | v700, v701 +3 more | 2023-04-11
CWE-94: In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can ha
nvd
CVE-2021-33676 | HIGH | CVSS 7.2 | v700, v701 +4 more | 2021-07-14
CWE-862: A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.
nvd
CVE-2018-2380 | MEDIUM | CVSS 6.6 | KEV | PoC | v7.01, v7.02 +4 more | 2018-03-01
CWE-22: SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
nvd
CVE-2017-15296 | HIGH | CVSS 8.8 | v700, v701 +6 more | 2017-10-16
CWE-352: The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
nvd
CVE-2017-15294 | MEDIUM | CVSS 6.1 | v700, v701 +6 more | 2017-10-16
CWE-79: The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
nvd
CVE-2014-1962 | MEDIUM | CVSS 5.0 | v7.02 | 2014-02-14
CWE-200: Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.
nvd
CVE-2013-7095 | CRITICAL | CVSS 10.0 | v7.02 | 2013-12-13
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
nvd