CVE-2024-37173: [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)

First published: Tue Jul 09 2024(Updated: )

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.

Credit: cna@sap.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/title
• agent/weakness
• agent/references
• agent/first-publish-date
• agent/description
• agent/type
• agent/severity
• agent/author
• agent/event
• collector/mitre-cve
• source/MITRE
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/last-modified-date
• agent/softwarecombine
• agent/tags
• vendor/sap
• canonical/sap customer relationship management s4fnd
• version/sap customer relationship management s4fnd/102
• version/sap customer relationship management s4fnd/103
• version/sap customer relationship management s4fnd/104
• version/sap customer relationship management s4fnd/105
• version/sap customer relationship management s4fnd/106
• version/sap customer relationship management s4fnd/107
• version/sap customer relationship management s4fnd/108
• canonical/sap customer relationship management webclient ui
• version/sap customer relationship management webclient ui/701
• version/sap customer relationship management webclient ui/731
• version/sap customer relationship management webclient ui/746
• version/sap customer relationship management webclient ui/747
• version/sap customer relationship management webclient ui/748
• version/sap customer relationship management webclient ui/800
• version/sap customer relationship management webclient ui/801