Sap Se Sap Crm vulnerabilities

4 known vulnerabilities affecting sap_se/sap_crm.

Total CVEs
4
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2024-24742MEDIUMCVSS 4.1vS4FND 102vS4FND 103+10 more2024-02-13
CVE-2024-24742 [MEDIUM] CWE-79 CVE-2024-24742: SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, W SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integri
cvelistv5nvd
CVE-2023-30742MEDIUMCVSS 6.1vS4FND 102vS4FND 103+12 more2023-05-09
CVE-2023-30742 [MEDIUM] CWE-79 CVE-2023-30742: SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicio
cvelistv5nvd
CVE-2021-33676HIGHCVSS 7.2fixed in 700fixed in 701+4 more2021-07-14
CVE-2021-33676 [HIGH] CWE-862 CVE-2021-33676: A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.
cvelistv5nvd
CVE-2018-2380MEDIUMCVSS 6.6KEVPoCv7.01v7.02+4 more2018-03-01
CVE-2018-2380 [MEDIUM] CWE-22 CVE-2018-2380: SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
cvelistv5nvd