Sap Customer_relationship_management_webclient_ui
12 CVEs affecting Sap Customer_relationship_management_webclient_ui. Latest disclosed: 2024-07-09. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-37174 | Medium | 6.1 | 2024-07-09 | Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On succe… |
CVE-2024-37173 | Medium | 6.1 | 2024-07-09 | Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a v… |
CVE-2024-34686 | Medium | 6.1 | 2024-06-11 | Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victi… |
CVE-2023-30742 | Medium | 6.1 | 2023-05-09 | SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF… |
CVE-2018-2364 | Medium | 6.1 | 2018-02-14 | SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site… |
CVE-2023-29188 | Medium | 5.4 | 2023-05-09 | SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF… |
CVE-2023-29189 | Medium | 5.4 | 2023-04-11 | SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to… |
CVE-2019-0245 | Medium | 5.4 | 2019-01-08 | SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resul… |
CVE-2019-0244 | Medium | 5.4 | 2019-01-08 | SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resul… |
CVE-2024-39598 | Medium | 5.0 | 2024-07-09 | SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP req… |
CVE-2024-37175 | Medium | 4.3 | 2024-07-09 | SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker… |
CVE-2023-24525 | Medium | 4.3 | 2023-02-14 | SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (… |