We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-34686

Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)



Assignersap
Reserved2024-05-07
Published2024-06-11
Updated2024-08-02

Description

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.



MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Product status

Default status
unaffected

S4FND 102
affected

103
affected

104
affected

105
affected

106
affected

107
affected

WEBCUIF 700
affected

701
affected

730
affected

731
affected

746
affected

747
affected

748
affected

800
affected

801
affected

References

https://me.sap.com/notes/3465129

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

cve.org CVE-2024-34686

nvd.nist.gov CVE-2024-34686

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.