CVE-2023-24525
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
14/02/2023
Last modified:
11/04/2023
Description
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.<br />
<br />
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.31:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.40:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.48:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.50:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.52:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:s4fnd:1.02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:s4fnd:1.03:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page