CVE-2024-37173

Опубликовано: 09 июл. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.

Ссылки

https://me.sap.com/notes/3467377
Permissions Required
https://url.sap/sapsecuritypatchday
Vendor Advisory
https://me.sap.com/notes/3467377
Permissions Required
https://url.sap/sapsecuritypatchday
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:customer_relationship_management_s4fnd:102:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_s4fnd:103:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_s4fnd:104:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_s4fnd:105:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_s4fnd:106:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_s4fnd:107:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_s4fnd:108:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_webclient_ui:701:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_webclient_ui:731:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_webclient_ui:746:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_webclient_ui:747:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_webclient_ui:748:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_webclient_ui:800:*:*:*:*:*:*:*

cpe:2.3:a:sap:customer_relationship_management_webclient_ui:801:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.0042

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-p5pq-x82g-r5vj