First published: Tue Jan 08 2019
SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP CRM - WebClient UI | =7.31 | |
SAP CRM - WebClient UI | =7.46 | |
SAP CRM - WebClient UI | =7.47 | |
SAP CRM - WebClient UI | =7.48 | |
SAP CRM - WebClient UI | =8.00 | |
SAP CRM - WebClient UI | =8.01 | |
SAP S/4HANA (SAP S4fnd, SAP S4core) | =1.02 | |
SAP SAPscore | =1.12 | |
CVE-2019-0245 is a Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI (fixed in SAPSCORE 1.12, S4FND 1.02, WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) that allows attackers to inject malicious scripts into web pages viewed by users.
The severity of CVE-2019-0245 is medium, with a CVSS base score of 5.4.
CVE-2019-0245 affects SAP CRM WebClient UI by not sufficiently encoding user-controlled inputs, allowing attackers to perform Cross-Site Scripting attacks.
The following versions of SAP CRM WebClient UI are affected by CVE-2019-0245: 7.31, 7.46, 7.47, 7.48, 8.0, and 8.01.
CVE-2019-0245 can be fixed by applying the relevant patches: SAPSCORE 1.12, S4FND 1.02, and WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01.