Path Traversal in SAP CRM (WebClient UI)
CVE-2023-29189
SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is expos…
EPSS: 0.004 (percentile: 35.3).
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.
Affected products
- SAP CRM (WebClient UI) — versions S4FND 102, S4FND 103, S4FND 104
- SAP Customer_relationship_management_s4fnd — versions 102, 103, 104
- SAP Customer_relationship_management_webclient_ui — versions 700, 701, 730
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2023-29189?
- CVE-2023-29189 is a medium-severity vulnerability in SAP CRM (WebClient UI), classified under Relative Path Traversal. CVSS score: 5.4/10. Published 2023-04-11.
- How severe is CVE-2023-29189?
- Medium severity. CVSS v3 base score is 5.4 out of 10.