CVE-2024-34686

Published: Jun 11, 2024Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.

Affected (15)

Products: Sap: Customer Relationship Management Webclient Ui

Sap

1 product

Customer Relationship Management Webclient Ui

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Sap Customer Relationship Management Webclient Ui	Version 103
Sap Customer Relationship Management Webclient Ui	Version 104
Sap Customer Relationship Management Webclient Ui	Version 105
Sap Customer Relationship Management Webclient Ui	Version 106
Sap Customer Relationship Management Webclient Ui	Version 107
Sap Customer Relationship Management Webclient Ui	Version 701
Sap Customer Relationship Management Webclient Ui	Version 730
Sap Customer Relationship Management Webclient Ui	Version 731
Sap Customer Relationship Management Webclient Ui	Version 746
Sap Customer Relationship Management Webclient Ui	Version 747
Sap Customer Relationship Management Webclient Ui	Version 748
Sap Customer Relationship Management Webclient Ui	Version 800
Sap Customer Relationship Management Webclient Ui	Version 801
Sap Customer Relationship Management Webclient Ui	Version s4fnd_102
Sap Customer Relationship Management Webclient Ui	Version webcuif_700