CVE-2023-30742: Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
First published: Tue May 09 2023(Updated: )
SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Customer Relationship Management S4fnd | =102 | |
| Sap Customer Relationship Management S4fnd | =103 | |
| Sap Customer Relationship Management S4fnd | =104 | |
| Sap Customer Relationship Management S4fnd | =105 | |
| Sap Customer Relationship Management S4fnd | =106 | |
| Sap Customer Relationship Management S4fnd | =107 | |
| Sap Customer Relationship Management Webclient Ui | =700 | |
| Sap Customer Relationship Management Webclient Ui | =701 | |
| Sap Customer Relationship Management Webclient Ui | =731 | |
| Sap Customer Relationship Management Webclient Ui | =746 | |
| Sap Customer Relationship Management Webclient Ui | =747 | |
| Sap Customer Relationship Management Webclient Ui | =748 | |
| Sap Customer Relationship Management Webclient Ui | =800 | |
| Sap Customer Relationship Management Webclient Ui | =801 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this SAP CRM vulnerability?
The vulnerability ID is CVE-2023-30742.
What is the severity level of CVE-2023-30742?
The severity level is medium.
Which versions of SAP CRM are affected by CVE-2023-30742?
Versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, and WEBCUIF 801 are affected.
What is the CWE ID associated with this vulnerability?
The CWE ID is 79.
How can I fix the CVE-2023-30742 vulnerability?
To fix the vulnerability, it is recommended to apply the necessary patches or updates provided by SAP.
- collector/nvd-latest
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/sap
- canonical/sap customer relationship management s4fnd
- version/sap customer relationship management s4fnd/102
- version/sap customer relationship management s4fnd/103
- version/sap customer relationship management s4fnd/104
- version/sap customer relationship management s4fnd/105
- version/sap customer relationship management s4fnd/106
- version/sap customer relationship management s4fnd/107
- canonical/sap customer relationship management webclient ui
- version/sap customer relationship management webclient ui/700
- version/sap customer relationship management webclient ui/701
- version/sap customer relationship management webclient ui/731
- version/sap customer relationship management webclient ui/746
- version/sap customer relationship management webclient ui/747
- version/sap customer relationship management webclient ui/748
- version/sap customer relationship management webclient ui/800
- version/sap customer relationship management webclient ui/801