THREATINT


PUBLISHED

CVE-2024-34686

Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Reserved: 2024-05-07
Published: 2024-06-11
Updated: 2024-06-11

Description

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser, giving the attacker the ability to access and/or modify information with no effect on availability of the application.



MEDIUM: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation

Product status

Default status: unaffected

S4FND, affected versions: 102, 103, 104, 105, 106, 107

WEBCUIF, affected versions: 700, 701, 730, 731, 746, 747, 748, 800, 801

References

https://me.sap.com/notes/3465129

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

cve.org CVE-2024-34686

nvd.nist.gov CVE-2024-34686
