CVE-2024-22130: Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
First published: Tue Feb 13 2024(Updated: )
Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the appliaction data after successful exploitation.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Crm - Webclient Ui | =s4fnd_102 | |
| Sap Crm - Webclient Ui | =s4fnd_103 | |
| Sap Crm - Webclient Ui | =s4fnd_104 | |
| Sap Crm - Webclient Ui | =s4fnd_105 | |
| Sap Crm - Webclient Ui | =s4fnd_106 | |
| Sap Crm - Webclient Ui | =s4fnd_107 | |
| Sap Crm - Webclient Ui | =s4fnd_108 | |
| Sap Crm - Webclient Ui | =webcuif_700 | |
| Sap Crm - Webclient Ui | =webcuif_701 | |
| Sap Crm - Webclient Ui | =webcuif_730 | |
| Sap Crm - Webclient Ui | =webcuif_731 | |
| Sap Crm - Webclient Ui | =webcuif_746 | |
| Sap Crm - Webclient Ui | =webcuif_747 | |
| Sap Crm - Webclient Ui | =webcuif_748 | |
| Sap Crm - Webclient Ui | =webcuif_800 | |
| Sap Crm - Webclient Ui | =webcuif_801 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-22130?
CVE-2024-22130 has been classified with a medium severity due to insufficient input encoding in the print preview option.
How do I fix CVE-2024-22130?
To mitigate CVE-2024-22130, apply the latest patches provided by SAP for the affected versions of SAP CRM WebClient UI.
Which versions are affected by CVE-2024-22130?
CVE-2024-22130 affects multiple versions including S4FND 102 through S4FND 108 and WEBCUIF 700 through WEBCUIF 801.
What impact does CVE-2024-22130 have on SAP CRM users?
CVE-2024-22130 may allow attackers to exploit insufficient encoding, potentially leading to security vulnerabilities in the application.
Is there a workaround for CVE-2024-22130?
Currently, the best practice for CVE-2024-22130 is to update to the latest SAP patches as there are no official workarounds recommended.
- agent/author
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/sap
- canonical/sap crm - webclient ui
- version/sap crm - webclient ui/s4fnd_102
- version/sap crm - webclient ui/s4fnd_103
- version/sap crm - webclient ui/s4fnd_104
- version/sap crm - webclient ui/s4fnd_105
- version/sap crm - webclient ui/s4fnd_106
- version/sap crm - webclient ui/s4fnd_107
- version/sap crm - webclient ui/s4fnd_108
- version/sap crm - webclient ui/webcuif_700
- version/sap crm - webclient ui/webcuif_701
- version/sap crm - webclient ui/webcuif_730
- version/sap crm - webclient ui/webcuif_731
- version/sap crm - webclient ui/webcuif_746
- version/sap crm - webclient ui/webcuif_747
- version/sap crm - webclient ui/webcuif_748
- version/sap crm - webclient ui/webcuif_800
- version/sap crm - webclient ui/webcuif_801