Search

Find a vulnerability

Search criteria

    24 vulnerabilities found for customer_relationship_management_webclient_ui by sap

    CVE-2024-37175 (GCVE-0-2024-37175)

    Vulnerability from nvd – Published: 2024-07-09 04:07 – Updated: 2024-08-02 03:50
    VLAI
    Title
    [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
    Summary
    SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: S4FND 108
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    sap_se sap_crm_webclient_ui Affected: S4FND102 , ≤ S4FND108 (custom)
    Affected: WEBCUIF701
    Affected: WEBCUIF731
    Affected: WEBCUIF746 , ≤ WEBCUIF748 (custom)
    Affected: WEBCUIF800 , ≤ WEBCUIF801 (custom)
        cpe:2.3:a:sap_se:sap_crm_webclient_ui:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_crm_webclient_ui:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_crm_webclient_ui",
                "vendor": "sap_se",
                "versions": [
                  {
                    "lessThanOrEqual": "S4FND108",
                    "status": "affected",
                    "version": "S4FND102",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "WEBCUIF701"
                  },
                  {
                    "status": "affected",
                    "version": "WEBCUIF731"
                  },
                  {
                    "lessThanOrEqual": "WEBCUIF748",
                    "status": "affected",
                    "version": "WEBCUIF746",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "WEBCUIF801",
                    "status": "affected",
                    "version": "WEBCUIF800",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:15:29.646801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-11T14:35:21.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:55.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3467377"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "S4FND 108"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP CRM WebClient does not\nperform necessary authorization check for an authenticated user, resulting in\nescalation of privileges. This could allow an attacker to access some sensitive\ninformation.\n\n\n\n"
                }
              ],
              "value": "SAP CRM WebClient does not\nperform necessary authorization check for an authenticated user, resulting in\nescalation of privileges. This could allow an attacker to access some sensitive\ninformation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:07:21.612Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3467377"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-37175",
        "datePublished": "2024-07-09T04:07:21.612Z",
        "dateReserved": "2024-06-04T07:49:42.491Z",
        "dateUpdated": "2024-08-02T03:50:55.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39598 (GCVE-0-2024-39598)

    Vulnerability from nvd – Published: 2024-07-09 04:04 – Updated: 2024-08-02 04:26
    VLAI
    Title
    [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
    Summary
    SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: S4FND 108
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39598",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T19:02:27.047209Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T21:04:24.524Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:26:15.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3467377"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "S4FND 108"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP CRM (WebClient UI Framework) allows an\nauthenticated attacker to enumerate accessible HTTP endpoints in the internal\nnetwork by specially crafting HTTP requests. On successful exploitation this\ncan result in information disclosure. It has no impact on integrity and\navailability of the application.\n\n\n\n"
                }
              ],
              "value": "SAP CRM (WebClient UI Framework) allows an\nauthenticated attacker to enumerate accessible HTTP endpoints in the internal\nnetwork by specially crafting HTTP requests. On successful exploitation this\ncan result in information disclosure. It has no impact on integrity and\navailability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:04:41.283Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3467377"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-39598",
        "datePublished": "2024-07-09T04:04:41.283Z",
        "dateReserved": "2024-06-26T09:58:24.096Z",
        "dateUpdated": "2024-08-02T04:26:15.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37174 (GCVE-0-2024-37174)

    Vulnerability from nvd – Published: 2024-07-09 04:01 – Updated: 2024-08-02 03:50
    VLAI
    Title
    [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
    Summary
    Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: S4FND 108
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:42:49.319594Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T16:31:22.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:55.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3467377"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "S4FND 108"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Custom CSS support option in SAP CRM WebClient\nUI does not sufficiently encode user-controlled inputs resulting in Cross-Site\nScripting vulnerability. On successful exploitation an attacker can cause\nlimited impact on confidentiality and integrity of the application.\n\n\n\n"
                }
              ],
              "value": "Custom CSS support option in SAP CRM WebClient\nUI does not sufficiently encode user-controlled inputs resulting in Cross-Site\nScripting vulnerability. On successful exploitation an attacker can cause\nlimited impact on confidentiality and integrity of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:01:21.084Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3467377"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-37174",
        "datePublished": "2024-07-09T04:01:21.084Z",
        "dateReserved": "2024-06-04T07:49:42.491Z",
        "dateUpdated": "2024-08-02T03:50:55.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37173 (GCVE-0-2024-37173)

    Vulnerability from nvd – Published: 2024-07-09 03:57 – Updated: 2024-08-02 03:50
    VLAI
    Title
    [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
    Summary
    Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: S4FND 108
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-15T18:32:22.208693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-15T18:32:29.014Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:54.682Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3467377"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "S4FND 108"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\n \u003ctbody\u003e\u003ctr\u003e\n  \u003ctd\u003e\n  \u003cp\u003eDue to insufficient input validation, SAP\n  CRM WebClient UI allows an unauthenticated attacker to craft a URL link which\n  embeds a malicious script. When a victim clicks on this link, the script will\n  be executed in the victim\u0027s browser giving the attacker the ability to access\n  and/or modify information with no effect on availability of the application.\u003c/p\u003e\n  \u003c/td\u003e\n \u003c/tr\u003e\n\u003c/tbody\u003e\u003c/table\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "Due to insufficient input validation, SAP\n  CRM WebClient UI allows an unauthenticated attacker to craft a URL link which\n  embeds a malicious script. When a victim clicks on this link, the script will\n  be executed in the victim\u0027s browser giving the attacker the ability to access\n  and/or modify information with no effect on availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T03:57:15.928Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3467377"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-37173",
        "datePublished": "2024-07-09T03:57:15.928Z",
        "dateReserved": "2024-06-04T07:49:42.491Z",
        "dateUpdated": "2024-08-02T03:50:54.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-34686 (GCVE-0-2024-34686)

    Vulnerability from nvd – Published: 2024-06-11 02:11 – Updated: 2024-08-02 02:59
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
    Summary
    Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: S4FND 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: 107
    Affected: WEBCUIF 700
    Affected: 701
    Affected: 730
    Affected: 731
    Affected: 746
    Affected: 747
    Affected: 748
    Affected: 800
    Affected: 801
    Create a notification for this product.
    sap_se sap_crm_webclient_ui Affected: S4FND 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: 107
    Affected: WEBCUIF 700
    Affected: 701
    Affected: 730
    Affected: 731
    Affected: 746
    Affected: 747
    Affected: 748
    Affected: 800
    Affected: 801
        cpe:2.3:a:sap_se:sap_crm_webclient_ui:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_crm_webclient_ui:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "sap_crm_webclient_ui",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "S4FND 102"
                  },
                  {
                    "status": "affected",
                    "version": "103"
                  },
                  {
                    "status": "affected",
                    "version": "104"
                  },
                  {
                    "status": "affected",
                    "version": "105"
                  },
                  {
                    "status": "affected",
                    "version": "106"
                  },
                  {
                    "status": "affected",
                    "version": "107"
                  },
                  {
                    "status": "affected",
                    "version": "WEBCUIF 700"
                  },
                  {
                    "status": "affected",
                    "version": "701"
                  },
                  {
                    "status": "affected",
                    "version": "730"
                  },
                  {
                    "status": "affected",
                    "version": "731"
                  },
                  {
                    "status": "affected",
                    "version": "746"
                  },
                  {
                    "status": "affected",
                    "version": "747"
                  },
                  {
                    "status": "affected",
                    "version": "748"
                  },
                  {
                    "status": "affected",
                    "version": "800"
                  },
                  {
                    "status": "affected",
                    "version": "801"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34686",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T13:30:24.401872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T13:41:52.606Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:59:22.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3465129"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "103"
                },
                {
                  "status": "affected",
                  "version": "104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                },
                {
                  "status": "affected",
                  "version": "107"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "730"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "746"
                },
                {
                  "status": "affected",
                  "version": "747"
                },
                {
                  "status": "affected",
                  "version": "748"
                },
                {
                  "status": "affected",
                  "version": "800"
                },
                {
                  "status": "affected",
                  "version": "801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to insufficient input validation, SAP CRM\nWebClient UI allows an unauthenticated attacker to craft a URL link which\nembeds a malicious script. When a victim clicks on this link, the script will\nbe executed in the victim\u0027s browser giving the attacker the ability to access\nand/or modify information with no effect on availability of the application.\n\n\n\n"
                }
              ],
              "value": "Due to insufficient input validation, SAP CRM\nWebClient UI allows an unauthenticated attacker to craft a URL link which\nembeds a malicious script. When a victim clicks on this link, the script will\nbe executed in the victim\u0027s browser giving the attacker the ability to access\nand/or modify information with no effect on availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T02:11:49.630Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3465129"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-34686",
        "datePublished": "2024-06-11T02:11:49.630Z",
        "dateReserved": "2024-05-07T05:46:11.657Z",
        "dateUpdated": "2024-08-02T02:59:22.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-30742 (GCVE-0-2023-30742)

    Vulnerability from nvd – Published: 2023-05-09 01:35 – Updated: 2025-01-28 19:21
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
    Summary
    SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM (WebClient UI) Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: WEBCUIF 700
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:37:15.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3315971"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30742",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T19:21:07.669711Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T19:21:15.471Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM (WebClient UI)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 700"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user\u0027s session. The information from the victim\u0027s session could then be modified or read by the attacker.\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user\u0027s session. The information from the victim\u0027s session could then be modified or read by the attacker.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T01:35:17.726Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3315971"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-30742",
        "datePublished": "2023-05-09T01:35:17.726Z",
        "dateReserved": "2023-04-14T06:01:02.875Z",
        "dateUpdated": "2025-01-28T19:21:15.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29188 (GCVE-0-2023-29188)

    Vulnerability from nvd – Published: 2023-05-09 00:57 – Updated: 2025-01-28 16:13
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
    Summary
    SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: SAPSCORE 129
    Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:15.860Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29188",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T16:13:12.372471Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T16:13:33.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAPSCORE 129"
                },
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T00:57:57.055Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-29188",
        "datePublished": "2023-05-09T00:57:57.055Z",
        "dateReserved": "2023-04-03T09:22:43.158Z",
        "dateUpdated": "2025-01-28T16:13:33.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29189 (GCVE-0-2023-29189)

    Vulnerability from nvd – Published: 2023-04-11 03:11 – Updated: 2025-02-07 19:31
    VLAI
    Title
    HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)
    Summary
    SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP CRM (WebClient UI) Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: WEBCUIF 700
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 730
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:15.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3269352"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T19:31:40.763545Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-07T19:31:46.088Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CRM (WebClient UI)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 700"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 730"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T20:16:30.045Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3269352"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-29189",
        "datePublished": "2023-04-11T03:11:30.554Z",
        "dateReserved": "2023-04-03T09:22:43.158Z",
        "dateUpdated": "2025-02-07T19:31:46.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24525 (GCVE-0-2023-24525)

    Vulnerability from nvd – Published: 2023-02-14 03:18 – Updated: 2025-03-20 20:22
    VLAI
    Summary
    SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP CRM (WebClient UI) Affected: WEBCUIF 748
    Affected: 800
    Affected: 801
    Affected: S4FND 102
    Affected: 103
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2788178"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24525",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-20T20:22:47.832336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T20:22:57.501Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CRM (WebClient UI)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "800"
                },
                {
                  "status": "affected",
                  "version": "801"
                },
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "103"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T21:25:50.210Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/2788178"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-24525",
        "datePublished": "2023-02-14T03:18:24.206Z",
        "dateReserved": "2023-01-25T15:46:55.581Z",
        "dateUpdated": "2025-03-20T20:22:57.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0245 (GCVE-0-2019-0245)

    Vulnerability from nvd – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP CRM WebClient UI (SAPSCORE) Affected: < 1.12
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (S4FND) Affected: < 1.02
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (WEBCUIF) Affected: < 7.31
    Affected: < 7.46
    Affected: < 7.47
    Affected: < 7.48
    Affected: < 8.0
    Affected: < 8.01
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:15.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2588763"
              },
              {
                "name": "106468",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106468"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP CRM WebClient UI (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.12"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (S4FND)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (WEBCUIF)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.46"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.47"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.48"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.01"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2588763"
            },
            {
              "name": "106468",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106468"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0245",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP CRM WebClient UI (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (S4FND)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (WEBCUIF)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.46"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.47"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.48"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2588763",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2588763"
                },
                {
                  "name": "106468",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106468"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0245",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:15.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0244 (GCVE-0-2019-0244)

    Vulnerability from nvd – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP CRM WebClient UI (SAPSCORE) Affected: < 1.12
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (S4FND) Affected: < 1.02
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (WEBCUIF) Affected: < 7.31
    Affected: < 7.46
    Affected: < 7.47
    Affected: < 7.48
    Affected: < 8.0
    Affected: < 8.01
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.026Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2588763"
              },
              {
                "name": "106473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106473"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP CRM WebClient UI (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.12"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (S4FND)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (WEBCUIF)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.46"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.47"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.48"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.01"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2588763"
            },
            {
              "name": "106473",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106473"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP CRM WebClient UI (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (S4FND)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (WEBCUIF)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.46"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.47"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.48"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2588763",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2588763"
                },
                {
                  "name": "106473",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106473"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0244",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2364 (GCVE-0-2018-2364)

    Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
    VLAI
    Summary
    SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting (XSS)
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP CRM WebClient UI Affected: 7.01
    Affected: 7.31
    Affected: 7.46
    Affected: 7.47
    Affected: 7.48
    Affected: 8.00
    Affected: 8.01
    Create a notification for this product.
    SAP SE S4FND Affected: 1.02
    Create a notification for this product.
    Date Public
    2018-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "103002",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2541700"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.01"
                },
                {
                  "status": "affected",
                  "version": "7.31"
                },
                {
                  "status": "affected",
                  "version": "7.46"
                },
                {
                  "status": "affected",
                  "version": "7.47"
                },
                {
                  "status": "affected",
                  "version": "7.48"
                },
                {
                  "status": "affected",
                  "version": "8.00"
                },
                {
                  "status": "affected",
                  "version": "8.01"
                }
              ]
            },
            {
              "product": "S4FND",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.02"
                }
              ]
            }
          ],
          "datePublic": "2018-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-15T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "103002",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2541700"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2364",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP CRM WebClient UI",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.01"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.31"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.46"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.47"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.48"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.00"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.01"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "S4FND",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "103002",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103002"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2541700",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.support.sap.com/#/notes/2541700"
                },
                {
                  "name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
                  "refsource": "CONFIRM",
                  "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2364",
        "datePublished": "2018-02-14T12:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:14:39.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37175 (GCVE-0-2024-37175)

    Vulnerability from cvelistv5 – Published: 2024-07-09 04:07 – Updated: 2024-08-02 03:50
    VLAI
    Title
    [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
    Summary
    SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: S4FND 108
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    sap_se sap_crm_webclient_ui Affected: S4FND102 , ≤ S4FND108 (custom)
    Affected: WEBCUIF701
    Affected: WEBCUIF731
    Affected: WEBCUIF746 , ≤ WEBCUIF748 (custom)
    Affected: WEBCUIF800 , ≤ WEBCUIF801 (custom)
        cpe:2.3:a:sap_se:sap_crm_webclient_ui:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_crm_webclient_ui:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_crm_webclient_ui",
                "vendor": "sap_se",
                "versions": [
                  {
                    "lessThanOrEqual": "S4FND108",
                    "status": "affected",
                    "version": "S4FND102",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "WEBCUIF701"
                  },
                  {
                    "status": "affected",
                    "version": "WEBCUIF731"
                  },
                  {
                    "lessThanOrEqual": "WEBCUIF748",
                    "status": "affected",
                    "version": "WEBCUIF746",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "WEBCUIF801",
                    "status": "affected",
                    "version": "WEBCUIF800",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:15:29.646801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-11T14:35:21.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:55.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3467377"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "S4FND 108"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP CRM WebClient does not\nperform necessary authorization check for an authenticated user, resulting in\nescalation of privileges. This could allow an attacker to access some sensitive\ninformation.\n\n\n\n"
                }
              ],
              "value": "SAP CRM WebClient does not\nperform necessary authorization check for an authenticated user, resulting in\nescalation of privileges. This could allow an attacker to access some sensitive\ninformation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:07:21.612Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3467377"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-37175",
        "datePublished": "2024-07-09T04:07:21.612Z",
        "dateReserved": "2024-06-04T07:49:42.491Z",
        "dateUpdated": "2024-08-02T03:50:55.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39598 (GCVE-0-2024-39598)

    Vulnerability from cvelistv5 – Published: 2024-07-09 04:04 – Updated: 2024-08-02 04:26
    VLAI
    Title
    [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
    Summary
    SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: S4FND 108
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39598",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T19:02:27.047209Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T21:04:24.524Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:26:15.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3467377"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "S4FND 108"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP CRM (WebClient UI Framework) allows an\nauthenticated attacker to enumerate accessible HTTP endpoints in the internal\nnetwork by specially crafting HTTP requests. On successful exploitation this\ncan result in information disclosure. It has no impact on integrity and\navailability of the application.\n\n\n\n"
                }
              ],
              "value": "SAP CRM (WebClient UI Framework) allows an\nauthenticated attacker to enumerate accessible HTTP endpoints in the internal\nnetwork by specially crafting HTTP requests. On successful exploitation this\ncan result in information disclosure. It has no impact on integrity and\navailability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:04:41.283Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3467377"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-39598",
        "datePublished": "2024-07-09T04:04:41.283Z",
        "dateReserved": "2024-06-26T09:58:24.096Z",
        "dateUpdated": "2024-08-02T04:26:15.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37174 (GCVE-0-2024-37174)

    Vulnerability from cvelistv5 – Published: 2024-07-09 04:01 – Updated: 2024-08-02 03:50
    VLAI
    Title
    [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
    Summary
    Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: S4FND 108
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:42:49.319594Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T16:31:22.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:55.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3467377"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "S4FND 108"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Custom CSS support option in SAP CRM WebClient\nUI does not sufficiently encode user-controlled inputs resulting in Cross-Site\nScripting vulnerability. On successful exploitation an attacker can cause\nlimited impact on confidentiality and integrity of the application.\n\n\n\n"
                }
              ],
              "value": "Custom CSS support option in SAP CRM WebClient\nUI does not sufficiently encode user-controlled inputs resulting in Cross-Site\nScripting vulnerability. On successful exploitation an attacker can cause\nlimited impact on confidentiality and integrity of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:01:21.084Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3467377"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-37174",
        "datePublished": "2024-07-09T04:01:21.084Z",
        "dateReserved": "2024-06-04T07:49:42.491Z",
        "dateUpdated": "2024-08-02T03:50:55.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-37173 (GCVE-0-2024-37173)

    Vulnerability from cvelistv5 – Published: 2024-07-09 03:57 – Updated: 2024-08-02 03:50
    VLAI
    Title
    [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
    Summary
    Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: S4FND 108
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-37173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-15T18:32:22.208693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-15T18:32:29.014Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T03:50:54.682Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3467377"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "S4FND 108"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\n \u003ctbody\u003e\u003ctr\u003e\n  \u003ctd\u003e\n  \u003cp\u003eDue to insufficient input validation, SAP\n  CRM WebClient UI allows an unauthenticated attacker to craft a URL link which\n  embeds a malicious script. When a victim clicks on this link, the script will\n  be executed in the victim\u0027s browser giving the attacker the ability to access\n  and/or modify information with no effect on availability of the application.\u003c/p\u003e\n  \u003c/td\u003e\n \u003c/tr\u003e\n\u003c/tbody\u003e\u003c/table\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "Due to insufficient input validation, SAP\n  CRM WebClient UI allows an unauthenticated attacker to craft a URL link which\n  embeds a malicious script. When a victim clicks on this link, the script will\n  be executed in the victim\u0027s browser giving the attacker the ability to access\n  and/or modify information with no effect on availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T03:57:15.928Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3467377"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-37173",
        "datePublished": "2024-07-09T03:57:15.928Z",
        "dateReserved": "2024-06-04T07:49:42.491Z",
        "dateUpdated": "2024-08-02T03:50:54.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-34686 (GCVE-0-2024-34686)

    Vulnerability from cvelistv5 – Published: 2024-06-11 02:11 – Updated: 2024-08-02 02:59
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
    Summary
    Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: S4FND 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: 107
    Affected: WEBCUIF 700
    Affected: 701
    Affected: 730
    Affected: 731
    Affected: 746
    Affected: 747
    Affected: 748
    Affected: 800
    Affected: 801
    Create a notification for this product.
    sap_se sap_crm_webclient_ui Affected: S4FND 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: 107
    Affected: WEBCUIF 700
    Affected: 701
    Affected: 730
    Affected: 731
    Affected: 746
    Affected: 747
    Affected: 748
    Affected: 800
    Affected: 801
        cpe:2.3:a:sap_se:sap_crm_webclient_ui:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_crm_webclient_ui:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "sap_crm_webclient_ui",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "S4FND 102"
                  },
                  {
                    "status": "affected",
                    "version": "103"
                  },
                  {
                    "status": "affected",
                    "version": "104"
                  },
                  {
                    "status": "affected",
                    "version": "105"
                  },
                  {
                    "status": "affected",
                    "version": "106"
                  },
                  {
                    "status": "affected",
                    "version": "107"
                  },
                  {
                    "status": "affected",
                    "version": "WEBCUIF 700"
                  },
                  {
                    "status": "affected",
                    "version": "701"
                  },
                  {
                    "status": "affected",
                    "version": "730"
                  },
                  {
                    "status": "affected",
                    "version": "731"
                  },
                  {
                    "status": "affected",
                    "version": "746"
                  },
                  {
                    "status": "affected",
                    "version": "747"
                  },
                  {
                    "status": "affected",
                    "version": "748"
                  },
                  {
                    "status": "affected",
                    "version": "800"
                  },
                  {
                    "status": "affected",
                    "version": "801"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34686",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T13:30:24.401872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T13:41:52.606Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:59:22.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3465129"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "103"
                },
                {
                  "status": "affected",
                  "version": "104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                },
                {
                  "status": "affected",
                  "version": "107"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "730"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "746"
                },
                {
                  "status": "affected",
                  "version": "747"
                },
                {
                  "status": "affected",
                  "version": "748"
                },
                {
                  "status": "affected",
                  "version": "800"
                },
                {
                  "status": "affected",
                  "version": "801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to insufficient input validation, SAP CRM\nWebClient UI allows an unauthenticated attacker to craft a URL link which\nembeds a malicious script. When a victim clicks on this link, the script will\nbe executed in the victim\u0027s browser giving the attacker the ability to access\nand/or modify information with no effect on availability of the application.\n\n\n\n"
                }
              ],
              "value": "Due to insufficient input validation, SAP CRM\nWebClient UI allows an unauthenticated attacker to craft a URL link which\nembeds a malicious script. When a victim clicks on this link, the script will\nbe executed in the victim\u0027s browser giving the attacker the ability to access\nand/or modify information with no effect on availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T02:11:49.630Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3465129"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-34686",
        "datePublished": "2024-06-11T02:11:49.630Z",
        "dateReserved": "2024-05-07T05:46:11.657Z",
        "dateUpdated": "2024-08-02T02:59:22.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-30742 (GCVE-0-2023-30742)

    Vulnerability from cvelistv5 – Published: 2023-05-09 01:35 – Updated: 2025-01-28 19:21
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
    Summary
    SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM (WebClient UI) Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: WEBCUIF 700
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:37:15.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3315971"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30742",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T19:21:07.669711Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T19:21:15.471Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM (WebClient UI)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 700"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user\u0027s session. The information from the victim\u0027s session could then be modified or read by the attacker.\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user\u0027s session. The information from the victim\u0027s session could then be modified or read by the attacker.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T01:35:17.726Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3315971"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-30742",
        "datePublished": "2023-05-09T01:35:17.726Z",
        "dateReserved": "2023-04-14T06:01:02.875Z",
        "dateUpdated": "2025-01-28T19:21:15.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29188 (GCVE-0-2023-29188)

    Vulnerability from cvelistv5 – Published: 2023-05-09 00:57 – Updated: 2025-01-28 16:13
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
    Summary
    SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: SAPSCORE 129
    Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:15.860Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29188",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T16:13:12.372471Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T16:13:33.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAPSCORE 129"
                },
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T00:57:57.055Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-29188",
        "datePublished": "2023-05-09T00:57:57.055Z",
        "dateReserved": "2023-04-03T09:22:43.158Z",
        "dateUpdated": "2025-01-28T16:13:33.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29189 (GCVE-0-2023-29189)

    Vulnerability from cvelistv5 – Published: 2023-04-11 03:11 – Updated: 2025-02-07 19:31
    VLAI
    Title
    HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)
    Summary
    SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP CRM (WebClient UI) Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: WEBCUIF 700
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 730
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:15.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3269352"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T19:31:40.763545Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-07T19:31:46.088Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CRM (WebClient UI)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 700"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 730"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T20:16:30.045Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3269352"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-29189",
        "datePublished": "2023-04-11T03:11:30.554Z",
        "dateReserved": "2023-04-03T09:22:43.158Z",
        "dateUpdated": "2025-02-07T19:31:46.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24525 (GCVE-0-2023-24525)

    Vulnerability from cvelistv5 – Published: 2023-02-14 03:18 – Updated: 2025-03-20 20:22
    VLAI
    Summary
    SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP CRM (WebClient UI) Affected: WEBCUIF 748
    Affected: 800
    Affected: 801
    Affected: S4FND 102
    Affected: 103
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2788178"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24525",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-20T20:22:47.832336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T20:22:57.501Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CRM (WebClient UI)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "800"
                },
                {
                  "status": "affected",
                  "version": "801"
                },
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "103"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T21:25:50.210Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/2788178"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-24525",
        "datePublished": "2023-02-14T03:18:24.206Z",
        "dateReserved": "2023-01-25T15:46:55.581Z",
        "dateUpdated": "2025-03-20T20:22:57.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0244 (GCVE-0-2019-0244)

    Vulnerability from cvelistv5 – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP CRM WebClient UI (SAPSCORE) Affected: < 1.12
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (S4FND) Affected: < 1.02
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (WEBCUIF) Affected: < 7.31
    Affected: < 7.46
    Affected: < 7.47
    Affected: < 7.48
    Affected: < 8.0
    Affected: < 8.01
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.026Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2588763"
              },
              {
                "name": "106473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106473"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP CRM WebClient UI (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.12"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (S4FND)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (WEBCUIF)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.46"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.47"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.48"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.01"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2588763"
            },
            {
              "name": "106473",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106473"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP CRM WebClient UI (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (S4FND)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (WEBCUIF)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.46"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.47"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.48"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2588763",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2588763"
                },
                {
                  "name": "106473",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106473"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0244",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0245 (GCVE-0-2019-0245)

    Vulnerability from cvelistv5 – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP CRM WebClient UI (SAPSCORE) Affected: < 1.12
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (S4FND) Affected: < 1.02
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (WEBCUIF) Affected: < 7.31
    Affected: < 7.46
    Affected: < 7.47
    Affected: < 7.48
    Affected: < 8.0
    Affected: < 8.01
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:15.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2588763"
              },
              {
                "name": "106468",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106468"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP CRM WebClient UI (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.12"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (S4FND)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (WEBCUIF)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.46"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.47"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.48"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.01"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2588763"
            },
            {
              "name": "106468",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106468"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0245",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP CRM WebClient UI (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (S4FND)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (WEBCUIF)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.46"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.47"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.48"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2588763",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2588763"
                },
                {
                  "name": "106468",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106468"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0245",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:15.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2364 (GCVE-0-2018-2364)

    Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
    VLAI
    Summary
    SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting (XSS)
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP CRM WebClient UI Affected: 7.01
    Affected: 7.31
    Affected: 7.46
    Affected: 7.47
    Affected: 7.48
    Affected: 8.00
    Affected: 8.01
    Create a notification for this product.
    SAP SE S4FND Affected: 1.02
    Create a notification for this product.
    Date Public
    2018-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "103002",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2541700"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.01"
                },
                {
                  "status": "affected",
                  "version": "7.31"
                },
                {
                  "status": "affected",
                  "version": "7.46"
                },
                {
                  "status": "affected",
                  "version": "7.47"
                },
                {
                  "status": "affected",
                  "version": "7.48"
                },
                {
                  "status": "affected",
                  "version": "8.00"
                },
                {
                  "status": "affected",
                  "version": "8.01"
                }
              ]
            },
            {
              "product": "S4FND",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.02"
                }
              ]
            }
          ],
          "datePublic": "2018-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-15T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "103002",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2541700"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2364",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP CRM WebClient UI",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.01"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.31"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.46"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.47"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.48"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.00"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.01"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "S4FND",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "103002",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103002"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2541700",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.support.sap.com/#/notes/2541700"
                },
                {
                  "name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
                  "refsource": "CONFIRM",
                  "url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2364",
        "datePublished": "2018-02-14T12:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:14:39.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }