Unrated severityNVD Advisory· Published Oct 8, 2019· Updated Aug 4, 2024
CVE-2019-0368
CVE-2019-0368
Description
SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.
Affected products
3- Range: S4CRM < 1.0, 2.0; BBPCRM < 7.0, 7.01, 7.02, 7.12, 7.13, 7.14
- SAP SE/SAP Customer Relationship Management (Email Management - BBPCRM)v5Range: < 7.0
- SAP SE/SAP Customer Relationship Management (Email Management - S4CRM)v5Range: < 1.0
Patches
Vulnerability mechanics
References
2- launchpad.support.sap.commitrex_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.