CVE-2024-22130

Severity CVSS v4.0:

Pending analysis

Type:

CWE-79 Cross-Site Scripting (XSS)

Publication date:

13/02/2024

Last modified:

16/10/2024

Description

Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the appliaction data after successful exploitation.<br /> <br />

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS v3.1 Severity and Metrics:

Base Score: 5.40 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

Base Score 3.x

5.40

Severity 3.x

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_102:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_103:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_104:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_105:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_106:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_107:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_108:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_700:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_701:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_730:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_731:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_746:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_747:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_748:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_800:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_102:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_103:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_104:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_105:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_106:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_107:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_108:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_700:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_701:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_730:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_731:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_746:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_747:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_748:::::::*
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_800:::::::*

CVE-2024-22130

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools