XSS in Sap Crm_-_webclient_ui
CVE-2024-22130
Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WE…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (24.0th percentile).
CVSS v3 metric
CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N.
Affected products
- Sap Crm_-_webclient_ui — versions s4fnd_102, s4fnd_103, s4fnd_104
- Sap_se Sap Crm Webclient Ui — versions S4FND 102, S4FND 103, S4FND 104
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cna@sap.com (Permissions Required)
- cna@sap.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2024-22130?
  CVE-2024-22130 is a high-severity vulnerability in Sap Crm_-_webclient_ui, classified under Cross-site Scripting. CVSS score: 7.6/10. Published 2024-02-13.
- How severe is CVE-2024-22130?
  High severity. The CVSS v3 base score is 7.6 out of 10.
- Is CVE-2024-22130 known to be exploited?
  1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.