← Back

CVE-2023-29189

nvd nist
Published: Apr 11, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.5
Source: NVD

Description

SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields

Affected (13)

Sap
2 products
Customer Relationship Management S4fnd
Customer Relationship Management Webclient Ui
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Customer Relationship Management S4fnd
Version 102
Customer Relationship Management S4fnd
Version 103
Customer Relationship Management S4fnd
Version 104
Customer Relationship Management S4fnd
Version 105
Sap
Customer Relationship Management Webclient Ui
Version 700
Customer Relationship Management Webclient Ui
Version 701
Customer Relationship Management Webclient Ui
Version 730
Customer Relationship Management Webclient Ui
Version 731
Customer Relationship Management Webclient Ui
Version 746
Customer Relationship Management Webclient Ui
Version 747
Customer Relationship Management Webclient Ui
Version 748
Customer Relationship Management Webclient Ui
Version 800
Customer Relationship Management Webclient Ui
Version 801

Related CWEs

CWE-23
Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.