CVE-2024-37173

Published: Jul 9, 2024Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.

Affected (14)

Products: Sap: Customer Relationship Management S4fnd, Customer Relationship Management Webclient Ui

Sap

2 products

Customer Relationship Management S4fnd

Customer Relationship Management Webclient Ui

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Sap Customer Relationship Management S4fnd	Version 102
Sap Customer Relationship Management S4fnd	Version 103
Sap Customer Relationship Management S4fnd	Version 104
Sap Customer Relationship Management S4fnd	Version 105
Sap Customer Relationship Management S4fnd	Version 106
Sap Customer Relationship Management S4fnd	Version 107
Sap Customer Relationship Management S4fnd	Version 108
Sap Customer Relationship Management Webclient Ui	Version 701
Sap Customer Relationship Management Webclient Ui	Version 731
Sap Customer Relationship Management Webclient Ui	Version 746
Sap Customer Relationship Management Webclient Ui	Version 747
Sap Customer Relationship Management Webclient Ui	Version 748
Sap Customer Relationship Management Webclient Ui	Version 800
Sap Customer Relationship Management Webclient Ui	Version 801