Описание
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
Ссылки
- Permissions Required
- PatchVendor Advisory
- Permissions Required
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:730:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:746:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:747:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:748:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:800:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:801:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:s4fnd_102:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:webcuif_700:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00481
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 1 года назад
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
EPSS
Процентиль: 65%
0.00481
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79