CVE-2024-24742: Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)
First published: Tue Feb 13 2024(Updated: )
SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integrity of the application data after successful exploitation. There is no impact on confidentiality and availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Crm - Webclient Ui | =s4fnd_102 | |
| Sap Crm - Webclient Ui | =s4fnd_103 | |
| Sap Crm - Webclient Ui | =s4fnd_104 | |
| Sap Crm - Webclient Ui | =s4fnd_105 | |
| Sap Crm - Webclient Ui | =s4fnd_106 | |
| Sap Crm - Webclient Ui | =webcuif_701 | |
| Sap Crm - Webclient Ui | =webcuif_731 | |
| Sap Crm - Webclient Ui | =webcuif_746 | |
| Sap Crm - Webclient Ui | =webcuif_747 | |
| Sap Crm - Webclient Ui | =webcuif_748 | |
| Sap Crm - Webclient Ui | =webcuif_800 | |
| Sap Crm - Webclient Ui | =webcuif_801 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-24742?
CVE-2024-24742 has a high severity due to its Cross-Site Scripting (XSS) vulnerability affecting multiple versions of SAP CRM WebClient UI.
How do I fix CVE-2024-24742?
To fix CVE-2024-24742, ensure that user-controlled inputs are properly encoded in the affected SAP CRM WebClient UI versions.
Which SAP CRM WebClient UI versions are affected by CVE-2024-24742?
CVE-2024-24742 affects SAP CRM WebClient UI versions S4FND 102 to 106 and WEBCUIF 701 to 801.
What type of vulnerability is CVE-2024-24742?
CVE-2024-24742 is a Cross-Site Scripting (XSS) vulnerability resulting from insufficient encoding of user inputs.
Who is impacted by CVE-2024-24742?
Organizations using the specified versions of SAP CRM WebClient UI are impacted by CVE-2024-24742 due to the XSS vulnerability.
- agent/title
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/first-publish-date
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/sap
- canonical/sap crm - webclient ui
- version/sap crm - webclient ui/s4fnd_102
- version/sap crm - webclient ui/s4fnd_103
- version/sap crm - webclient ui/s4fnd_104
- version/sap crm - webclient ui/s4fnd_105
- version/sap crm - webclient ui/s4fnd_106
- version/sap crm - webclient ui/webcuif_701
- version/sap crm - webclient ui/webcuif_731
- version/sap crm - webclient ui/webcuif_746
- version/sap crm - webclient ui/webcuif_747
- version/sap crm - webclient ui/webcuif_748
- version/sap crm - webclient ui/webcuif_800
- version/sap crm - webclient ui/webcuif_801