Sap Se Sap Crm Webclient Ui vulnerabilities
10 known vulnerabilities affecting sap_se/sap_crm_webclient_ui.
Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM9
Vulnerabilities
Page 1 of 1
CVE-2024-39598HIGHCVSS 7.7vS4FND 102vS4FND 103+12 more2024-07-09
CVE-2024-39598 [HIGH] CWE-918 CVE-2024-39598: SAP CRM (WebClient UI Framework) allows an
authenticated attacker to enumerate accessible HTTP endpo
SAP CRM (WebClient UI Framework) allows an
authenticated attacker to enumerate accessible HTTP endpoints in the internal
network by specially crafting HTTP requests. On successful exploitation this
can result in information disclosure. It has no impact on integrity and
availability of the application.
cvelistv5nvd
CVE-2024-37174MEDIUMCVSS 6.1vS4FND 102vS4FND 103+12 more2024-07-09
CVE-2024-37174 [MEDIUM] CWE-79 CVE-2024-37174: Custom CSS support option in SAP CRM WebClient
UI does not sufficiently encode user-controlled input
Custom CSS support option in SAP CRM WebClient
UI does not sufficiently encode user-controlled inputs resulting in Cross-Site
Scripting vulnerability. On successful exploitation an attacker can cause
limited impact on confidentiality and integrity of the application.
cvelistv5nvd
CVE-2024-37175MEDIUMCVSS 6.5vS4FND 102vS4FND 103+12 more2024-07-09
CVE-2024-37175 [MEDIUM] CWE-862 CVE-2024-37175: SAP CRM WebClient does not
perform necessary authorization check for an authenticated user, resultin
SAP CRM WebClient does not
perform necessary authorization check for an authenticated user, resulting in
escalation of privileges. This could allow an attacker to access some sensitive
information.
cvelistv5nvd
CVE-2024-37173MEDIUMCVSS 6.1vS4FND 102vS4FND 103+12 more2024-07-09
CVE-2024-37173 [MEDIUM] CWE-79 CVE-2024-37173: Due to insufficient input validation, SAP
CRM WebClient UI allows an unauthenticated attacker to c
Due to insufficient input validation, SAP
CRM WebClient UI allows an unauthenticated attacker to craft a URL link which
embeds a malicious script. When a victim clicks on this link, the script will
be executed in the victim's browser giving the attacker the ability to access
and/or modify information with no effect on availability of the application.
cvelistv5nvd
CVE-2024-34686MEDIUMCVSS 6.1vS4FND 102v103+13 more2024-06-11
CVE-2024-34686 [MEDIUM] CWE-79 CVE-2024-34686: Due to insufficient input validation, SAP CRM
WebClient UI allows an unauthenticated attacker to cra
Due to insufficient input validation, SAP CRM
WebClient UI allows an unauthenticated attacker to craft a URL link which
embeds a malicious script. When a victim clicks on this link, the script will
be executed in the victim's browser giving the attacker the ability to access
and/or modify information with no effect on availability of the application.
cvelistv5nvd
CVE-2024-22130MEDIUMCVSS 5.4vS4FND 102vS4FND 103+14 more2024-02-13
CVE-2024-22130 [MEDIUM] CWE-79 CVE-2024-22130: Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105,
Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. A
cvelistv5nvd
CVE-2023-29188MEDIUMCVSS 5.4vSAPSCORE 129vS4FND 102+12 more2023-05-09
CVE-2023-29188 [MEDIUM] CWE-79 CVE-2023-29188: SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106,
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacke
cvelistv5nvd
CVE-2019-0245MEDIUMCVSS 5.4fixed in 1.12fixed in 1.02+6 more2019-01-08
CVE-2019-0245 [MEDIUM] CWE-79 CVE-2019-0245: SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01)
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
cvelistv5nvd
CVE-2019-0244MEDIUMCVSS 5.4fixed in 1.12fixed in 1.02+6 more2019-01-08
CVE-2019-0244 [MEDIUM] CWE-79 CVE-2019-0244: SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01)
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
cvelistv5nvd
CVE-2018-2364MEDIUMCVSS 6.1v7.01v7.31+5 more2018-02-14
CVE-2018-2364 [MEDIUM] CWE-79 CVE-2018-2364: SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently val
SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.
cvelistv5nvd