Search criteria
15 vulnerabilities found for s4fnd by sap
FKIE_CVE-2023-29188
Vulnerability from fkie_nvd - Published: 2023-05-09 01:15 - Updated: 2024-11-21 07:56
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | customer_relationship_management_webclient_ui | 7.01 | |
| sap | customer_relationship_management_webclient_ui | 7.31 | |
| sap | customer_relationship_management_webclient_ui | 7.46 | |
| sap | customer_relationship_management_webclient_ui | 7.47 | |
| sap | customer_relationship_management_webclient_ui | 7.48 | |
| sap | customer_relationship_management_webclient_ui | 8.00 | |
| sap | customer_relationship_management_webclient_ui | 8.01 | |
| sap | s4fnd | 1.02 | |
| sap | s4fnd | 102 | |
| sap | s4fnd | 103 | |
| sap | s4fnd | 104 | |
| sap | s4fnd | 105 | |
| sap | s4fnd | 106 | |
| sap | s4fnd | 107 | |
| sap | sapscore | 129 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "314EA6B5-D3E3-4559-A34A-51A6BB4F3E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "470B27E7-C245-43B3-9ED0-545A06158114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.46:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA5DC54-236B-4832-AA79-6EC111EFFBF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.47:*:*:*:*:*:*:*",
"matchCriteriaId": "4056C921-05B8-4465-96CD-429B520AA6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.48:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CBB62D-FDA3-4A23-9175-B9171EA9CE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1440F085-EB15-4910-8AB8-C72E67B8B39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D60B19-8578-40AF-9A09-5D6EB8D2DB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:s4fnd:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3A88FFDD-4967-4E81-8E44-3F4A7BCCE943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:s4fnd:102:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA8EA38-C0D1-4EB0-93D5-DEBA8446E685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:s4fnd:103:*:*:*:*:*:*:*",
"matchCriteriaId": "43ED5850-580C-40F2-ABCD-CCA33B63D4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:s4fnd:104:*:*:*:*:*:*:*",
"matchCriteriaId": "104C4099-341D-4796-8425-D61A44FB7839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:s4fnd:105:*:*:*:*:*:*:*",
"matchCriteriaId": "66A663D3-247D-497E-8CE3-4D21E4A43C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:s4fnd:106:*:*:*:*:*:*:*",
"matchCriteriaId": "09C81075-4864-47A7-9851-DD46EE9B2E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:s4fnd:107:*:*:*:*:*:*:*",
"matchCriteriaId": "54AD7034-006C-4698-BF4F-D3584D88EC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sapscore:129:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACAA9A2-5CD6-4C6B-829B-CB534FADFAD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\n\n"
}
],
"id": "CVE-2023-29188",
"lastModified": "2024-11-21T07:56:40.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "cna@sap.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-09T01:15:08.943",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Broken Link"
],
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-24525
Vulnerability from fkie_nvd - Published: 2023-02-14 04:15 - Updated: 2024-11-21 07:48
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.
References
| URL | Tags | ||
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2788178 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2788178 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.00:*:*:*:*:*:*:*",
"matchCriteriaId": "DE87D61B-2E55-4F32-8837-DD3D77FF7A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "314EA6B5-D3E3-4559-A34A-51A6BB4F3E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B9BEF2-5E40-465B-A728-484B6F9488E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "470B27E7-C245-43B3-9ED0-545A06158114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.40:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E90CCA-F2D8-4EB3-A4F5-4705F7F8DB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.48:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CBB62D-FDA3-4A23-9175-B9171EA9CE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.50:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF34241-C022-40FE-AB27-16D8EE537429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.52:*:*:*:*:*:*:*",
"matchCriteriaId": "6514BD40-D078-46D6-811C-B26E9692EF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1440F085-EB15-4910-8AB8-C72E67B8B39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D60B19-8578-40AF-9A09-5D6EB8D2DB40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:s4fnd:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3A88FFDD-4967-4E81-8E44-3F4A7BCCE943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:s4fnd:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "64D4BFFA-2E36-480B-83BB-199CB765659C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.\n\n"
}
],
"id": "CVE-2023-24525",
"lastModified": "2024-11-21T07:48:03.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@sap.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-14T04:15:12.770",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2788178"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2788178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
FKIE_CVE-2019-0244
Vulnerability from fkie_nvd - Published: 2019-01-08 20:29 - Updated: 2024-11-21 04:16
Severity ?
Summary
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| cna@sap.com | http://www.securityfocus.com/bid/106473 | Third Party Advisory, VDB Entry | |
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2588763 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106473 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2588763 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | customer_relationship_management_webclient_ui | 7.31 | |
| sap | customer_relationship_management_webclient_ui | 7.46 | |
| sap | customer_relationship_management_webclient_ui | 7.47 | |
| sap | customer_relationship_management_webclient_ui | 7.48 | |
| sap | customer_relationship_management_webclient_ui | 8.00 | |
| sap | customer_relationship_management_webclient_ui | 8.01 | |
| sap | s4fnd | 1.02 | |
| sap | sapscore | 1.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "470B27E7-C245-43B3-9ED0-545A06158114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.46:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA5DC54-236B-4832-AA79-6EC111EFFBF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.47:*:*:*:*:*:*:*",
"matchCriteriaId": "4056C921-05B8-4465-96CD-429B520AA6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.48:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CBB62D-FDA3-4A23-9175-B9171EA9CE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1440F085-EB15-4910-8AB8-C72E67B8B39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D60B19-8578-40AF-9A09-5D6EB8D2DB40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:s4fnd:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3A88FFDD-4967-4E81-8E44-3F4A7BCCE943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sapscore:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "16B411D4-96AC-4706-97EA-E2694319154A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
},
{
"lang": "es",
"value": "SAP CRM WebClient UI (solucionado en SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) no valida suficientemente los campos ocultos controlados por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS)."
}
],
"id": "CVE-2019-0244",
"lastModified": "2024-11-21T04:16:34.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-08T20:29:00.737",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106473"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-0245
Vulnerability from fkie_nvd - Published: 2019-01-08 20:29 - Updated: 2024-11-21 04:16
Severity ?
Summary
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| cna@sap.com | http://www.securityfocus.com/bid/106468 | Third Party Advisory, VDB Entry | |
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2588763 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106468 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2588763 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | customer_relationship_management_webclient_ui | 7.31 | |
| sap | customer_relationship_management_webclient_ui | 7.46 | |
| sap | customer_relationship_management_webclient_ui | 7.47 | |
| sap | customer_relationship_management_webclient_ui | 7.48 | |
| sap | customer_relationship_management_webclient_ui | 8.00 | |
| sap | customer_relationship_management_webclient_ui | 8.01 | |
| sap | s4fnd | 1.02 | |
| sap | sapscore | 1.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "470B27E7-C245-43B3-9ED0-545A06158114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.46:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA5DC54-236B-4832-AA79-6EC111EFFBF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.47:*:*:*:*:*:*:*",
"matchCriteriaId": "4056C921-05B8-4465-96CD-429B520AA6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.48:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CBB62D-FDA3-4A23-9175-B9171EA9CE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1440F085-EB15-4910-8AB8-C72E67B8B39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D60B19-8578-40AF-9A09-5D6EB8D2DB40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:s4fnd:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3A88FFDD-4967-4E81-8E44-3F4A7BCCE943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sapscore:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "16B411D4-96AC-4706-97EA-E2694319154A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
},
{
"lang": "es",
"value": "SAP CRM WebClient UI (solucionado en SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) no valida suficientemente los campos ocultos controlados por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS)."
}
],
"id": "CVE-2019-0245",
"lastModified": "2024-11-21T04:16:34.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-08T20:29:00.783",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106468"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-2364
Vulnerability from fkie_nvd - Published: 2018-02-14 12:29 - Updated: 2024-11-21 04:03
Severity ?
Summary
SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| cna@sap.com | http://www.securityfocus.com/bid/103002 | Third Party Advisory, VDB Entry | |
| cna@sap.com | https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ | Vendor Advisory | |
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2541700 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103002 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2541700 | Permissions Required |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "314EA6B5-D3E3-4559-A34A-51A6BB4F3E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "470B27E7-C245-43B3-9ED0-545A06158114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.46:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA5DC54-236B-4832-AA79-6EC111EFFBF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.47:*:*:*:*:*:*:*",
"matchCriteriaId": "4056C921-05B8-4465-96CD-429B520AA6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.48:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CBB62D-FDA3-4A23-9175-B9171EA9CE7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1440F085-EB15-4910-8AB8-C72E67B8B39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D60B19-8578-40AF-9A09-5D6EB8D2DB40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:s4fnd:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "3A88FFDD-4967-4E81-8E44-3F4A7BCCE943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability."
},
{
"lang": "es",
"value": "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01 y S4FND 1.02, no valida suficientemente y/o codifica los campos ocultos, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS)."
}
],
"id": "CVE-2018-2364",
"lastModified": "2024-11-21T04:03:41.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-14T12:29:00.233",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103002"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/2541700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/2541700"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-29188 (GCVE-0-2023-29188)
Vulnerability from cvelistv5 – Published: 2023-05-09 00:57 – Updated: 2025-01-28 16:13
VLAI?
Summary
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP CRM WebClient UI |
Affected:
SAPSCORE 129
Affected: S4FND 102 Affected: S4FND 103 Affected: S4FND 104 Affected: S4FND 105 Affected: S4FND 106 Affected: S4FND 107 Affected: WEBCUIF 701 Affected: WEBCUIF 731 Affected: WEBCUIF 746 Affected: WEBCUIF 747 Affected: WEBCUIF 748 Affected: WEBCUIF 800 Affected: WEBCUIF 801 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:13:12.372471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:13:33.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP CRM WebClient UI",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAPSCORE 129"
},
{
"status": "affected",
"version": "S4FND 102"
},
{
"status": "affected",
"version": "S4FND 103"
},
{
"status": "affected",
"version": "S4FND 104"
},
{
"status": "affected",
"version": "S4FND 105"
},
{
"status": "affected",
"version": "S4FND 106"
},
{
"status": "affected",
"version": "S4FND 107"
},
{
"status": "affected",
"version": "WEBCUIF 701"
},
{
"status": "affected",
"version": "WEBCUIF 731"
},
{
"status": "affected",
"version": "WEBCUIF 746"
},
{
"status": "affected",
"version": "WEBCUIF 747"
},
{
"status": "affected",
"version": "WEBCUIF 748"
},
{
"status": "affected",
"version": "WEBCUIF 800"
},
{
"status": "affected",
"version": "WEBCUIF 801"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\u003c/p\u003e"
}
],
"value": "SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T00:57:57.055Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-29188",
"datePublished": "2023-05-09T00:57:57.055Z",
"dateReserved": "2023-04-03T09:22:43.158Z",
"dateUpdated": "2025-01-28T16:13:33.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24525 (GCVE-0-2023-24525)
Vulnerability from cvelistv5 – Published: 2023-02-14 03:18 – Updated: 2025-03-20 20:22
VLAI?
Summary
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP | CRM (WebClient UI) |
Affected:
WEBCUIF 748
Affected: 800 Affected: 801 Affected: S4FND 102 Affected: 103 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2788178"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T20:22:47.832336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T20:22:57.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CRM (WebClient UI)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "WEBCUIF 748"
},
{
"status": "affected",
"version": "800"
},
{
"status": "affected",
"version": "801"
},
{
"status": "affected",
"version": "S4FND 102"
},
{
"status": "affected",
"version": "103"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.\u003c/p\u003e"
}
],
"value": "SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T21:25:50.210Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/2788178"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-24525",
"datePublished": "2023-02-14T03:18:24.206Z",
"dateReserved": "2023-01-25T15:46:55.581Z",
"dateUpdated": "2025-03-20T20:22:57.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0245 (GCVE-0-2019-0245)
Vulnerability from cvelistv5 – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
VLAI?
Summary
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SAP SE | SAP CRM WebClient UI (SAPSCORE) |
Affected:
< 1.12
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:15.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106468",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106468"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP CRM WebClient UI (SAPSCORE)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12"
}
]
},
{
"product": "SAP CRM WebClient UI (S4FND)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 1.02"
}
]
},
{
"product": "SAP CRM WebClient UI (WEBCUIF)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.46"
},
{
"status": "affected",
"version": "\u003c 7.47"
},
{
"status": "affected",
"version": "\u003c 7.48"
},
{
"status": "affected",
"version": "\u003c 8.0"
},
{
"status": "affected",
"version": "\u003c 8.01"
}
]
}
],
"datePublic": "2019-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106468",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106468"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP CRM WebClient UI (SAPSCORE)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "1.12"
}
]
}
},
{
"product_name": "SAP CRM WebClient UI (S4FND)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "1.02"
}
]
}
},
{
"product_name": "SAP CRM WebClient UI (WEBCUIF)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.46"
},
{
"version_name": "\u003c",
"version_value": "7.47"
},
{
"version_name": "\u003c",
"version_value": "7.48"
},
{
"version_name": "\u003c",
"version_value": "8.0"
},
{
"version_name": "\u003c",
"version_value": "8.01"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2588763",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106468"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0245",
"datePublished": "2019-01-08T20:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:44:15.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0244 (GCVE-0-2019-0244)
Vulnerability from cvelistv5 – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
VLAI?
Summary
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SAP SE | SAP CRM WebClient UI (SAPSCORE) |
Affected:
< 1.12
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106473"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP CRM WebClient UI (SAPSCORE)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12"
}
]
},
{
"product": "SAP CRM WebClient UI (S4FND)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 1.02"
}
]
},
{
"product": "SAP CRM WebClient UI (WEBCUIF)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.46"
},
{
"status": "affected",
"version": "\u003c 7.47"
},
{
"status": "affected",
"version": "\u003c 7.48"
},
{
"status": "affected",
"version": "\u003c 8.0"
},
{
"status": "affected",
"version": "\u003c 8.01"
}
]
}
],
"datePublic": "2019-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106473"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP CRM WebClient UI (SAPSCORE)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "1.12"
}
]
}
},
{
"product_name": "SAP CRM WebClient UI (S4FND)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "1.02"
}
]
}
},
{
"product_name": "SAP CRM WebClient UI (WEBCUIF)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.46"
},
{
"version_name": "\u003c",
"version_value": "7.47"
},
{
"version_name": "\u003c",
"version_value": "7.48"
},
{
"version_name": "\u003c",
"version_value": "8.0"
},
{
"version_name": "\u003c",
"version_value": "8.01"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2588763",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106473"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0244",
"datePublished": "2019-01-08T20:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:44:16.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2364 (GCVE-0-2018-2364)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI?
Summary
SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting (XSS)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP CRM WebClient UI |
Affected:
7.01
Affected: 7.31 Affected: 7.46 Affected: 7.47 Affected: 7.48 Affected: 8.00 Affected: 8.01 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103002",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2541700"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP CRM WebClient UI",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.01"
},
{
"status": "affected",
"version": "7.31"
},
{
"status": "affected",
"version": "7.46"
},
{
"status": "affected",
"version": "7.47"
},
{
"status": "affected",
"version": "7.48"
},
{
"status": "affected",
"version": "8.00"
},
{
"status": "affected",
"version": "8.01"
}
]
},
{
"product": "S4FND",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "1.02"
}
]
}
],
"datePublic": "2018-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "103002",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2541700"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP CRM WebClient UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.01"
},
{
"version_affected": "=",
"version_value": "7.31"
},
{
"version_affected": "=",
"version_value": "7.46"
},
{
"version_affected": "=",
"version_value": "7.47"
},
{
"version_affected": "=",
"version_value": "7.48"
},
{
"version_affected": "=",
"version_value": "8.00"
},
{
"version_affected": "=",
"version_value": "8.01"
}
]
}
},
{
"product_name": "S4FND",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.02"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103002"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2541700",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2541700"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2364",
"datePublished": "2018-02-14T12:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:14:39.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29188 (GCVE-0-2023-29188)
Vulnerability from nvd – Published: 2023-05-09 00:57 – Updated: 2025-01-28 16:13
VLAI?
Summary
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP CRM WebClient UI |
Affected:
SAPSCORE 129
Affected: S4FND 102 Affected: S4FND 103 Affected: S4FND 104 Affected: S4FND 105 Affected: S4FND 106 Affected: S4FND 107 Affected: WEBCUIF 701 Affected: WEBCUIF 731 Affected: WEBCUIF 746 Affected: WEBCUIF 747 Affected: WEBCUIF 748 Affected: WEBCUIF 800 Affected: WEBCUIF 801 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:13:12.372471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:13:33.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP CRM WebClient UI",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAPSCORE 129"
},
{
"status": "affected",
"version": "S4FND 102"
},
{
"status": "affected",
"version": "S4FND 103"
},
{
"status": "affected",
"version": "S4FND 104"
},
{
"status": "affected",
"version": "S4FND 105"
},
{
"status": "affected",
"version": "S4FND 106"
},
{
"status": "affected",
"version": "S4FND 107"
},
{
"status": "affected",
"version": "WEBCUIF 701"
},
{
"status": "affected",
"version": "WEBCUIF 731"
},
{
"status": "affected",
"version": "WEBCUIF 746"
},
{
"status": "affected",
"version": "WEBCUIF 747"
},
{
"status": "affected",
"version": "WEBCUIF 748"
},
{
"status": "affected",
"version": "WEBCUIF 800"
},
{
"status": "affected",
"version": "WEBCUIF 801"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\u003c/p\u003e"
}
],
"value": "SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T00:57:57.055Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-29188",
"datePublished": "2023-05-09T00:57:57.055Z",
"dateReserved": "2023-04-03T09:22:43.158Z",
"dateUpdated": "2025-01-28T16:13:33.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24525 (GCVE-0-2023-24525)
Vulnerability from nvd – Published: 2023-02-14 03:18 – Updated: 2025-03-20 20:22
VLAI?
Summary
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP | CRM (WebClient UI) |
Affected:
WEBCUIF 748
Affected: 800 Affected: 801 Affected: S4FND 102 Affected: 103 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2788178"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T20:22:47.832336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T20:22:57.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CRM (WebClient UI)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "WEBCUIF 748"
},
{
"status": "affected",
"version": "800"
},
{
"status": "affected",
"version": "801"
},
{
"status": "affected",
"version": "S4FND 102"
},
{
"status": "affected",
"version": "103"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.\u003c/p\u003e"
}
],
"value": "SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T21:25:50.210Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/2788178"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-24525",
"datePublished": "2023-02-14T03:18:24.206Z",
"dateReserved": "2023-01-25T15:46:55.581Z",
"dateUpdated": "2025-03-20T20:22:57.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0245 (GCVE-0-2019-0245)
Vulnerability from nvd – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
VLAI?
Summary
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SAP SE | SAP CRM WebClient UI (SAPSCORE) |
Affected:
< 1.12
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:15.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106468",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106468"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP CRM WebClient UI (SAPSCORE)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12"
}
]
},
{
"product": "SAP CRM WebClient UI (S4FND)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 1.02"
}
]
},
{
"product": "SAP CRM WebClient UI (WEBCUIF)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.46"
},
{
"status": "affected",
"version": "\u003c 7.47"
},
{
"status": "affected",
"version": "\u003c 7.48"
},
{
"status": "affected",
"version": "\u003c 8.0"
},
{
"status": "affected",
"version": "\u003c 8.01"
}
]
}
],
"datePublic": "2019-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106468",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106468"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP CRM WebClient UI (SAPSCORE)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "1.12"
}
]
}
},
{
"product_name": "SAP CRM WebClient UI (S4FND)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "1.02"
}
]
}
},
{
"product_name": "SAP CRM WebClient UI (WEBCUIF)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.46"
},
{
"version_name": "\u003c",
"version_value": "7.47"
},
{
"version_name": "\u003c",
"version_value": "7.48"
},
{
"version_name": "\u003c",
"version_value": "8.0"
},
{
"version_name": "\u003c",
"version_value": "8.01"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2588763",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106468"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0245",
"datePublished": "2019-01-08T20:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:44:15.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0244 (GCVE-0-2019-0244)
Vulnerability from nvd – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
VLAI?
Summary
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SAP SE | SAP CRM WebClient UI (SAPSCORE) |
Affected:
< 1.12
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106473"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP CRM WebClient UI (SAPSCORE)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12"
}
]
},
{
"product": "SAP CRM WebClient UI (S4FND)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 1.02"
}
]
},
{
"product": "SAP CRM WebClient UI (WEBCUIF)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.46"
},
{
"status": "affected",
"version": "\u003c 7.47"
},
{
"status": "affected",
"version": "\u003c 7.48"
},
{
"status": "affected",
"version": "\u003c 8.0"
},
{
"status": "affected",
"version": "\u003c 8.01"
}
]
}
],
"datePublic": "2019-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106473"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP CRM WebClient UI (SAPSCORE)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "1.12"
}
]
}
},
{
"product_name": "SAP CRM WebClient UI (S4FND)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "1.02"
}
]
}
},
{
"product_name": "SAP CRM WebClient UI (WEBCUIF)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.46"
},
{
"version_name": "\u003c",
"version_value": "7.47"
},
{
"version_name": "\u003c",
"version_value": "7.48"
},
{
"version_name": "\u003c",
"version_value": "8.0"
},
{
"version_name": "\u003c",
"version_value": "8.01"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2588763",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2588763"
},
{
"name": "106473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106473"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0244",
"datePublished": "2019-01-08T20:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:44:16.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2364 (GCVE-0-2018-2364)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI?
Summary
SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting (XSS)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP CRM WebClient UI |
Affected:
7.01
Affected: 7.31 Affected: 7.46 Affected: 7.47 Affected: 7.48 Affected: 8.00 Affected: 8.01 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103002",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2541700"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP CRM WebClient UI",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.01"
},
{
"status": "affected",
"version": "7.31"
},
{
"status": "affected",
"version": "7.46"
},
{
"status": "affected",
"version": "7.47"
},
{
"status": "affected",
"version": "7.48"
},
{
"status": "affected",
"version": "8.00"
},
{
"status": "affected",
"version": "8.01"
}
]
},
{
"product": "S4FND",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "1.02"
}
]
}
],
"datePublic": "2018-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "103002",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2541700"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP CRM WebClient UI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.01"
},
{
"version_affected": "=",
"version_value": "7.31"
},
{
"version_affected": "=",
"version_value": "7.46"
},
{
"version_affected": "=",
"version_value": "7.47"
},
{
"version_affected": "=",
"version_value": "7.48"
},
{
"version_affected": "=",
"version_value": "8.00"
},
{
"version_affected": "=",
"version_value": "8.01"
}
]
}
},
{
"product_name": "S4FND",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.02"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103002"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2541700",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2541700"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2364",
"datePublished": "2018-02-14T12:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:14:39.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}