Unrated severityNVD Advisory· Published Jun 11, 2024· Updated Aug 2, 2024

Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

CVE-2024-34686

Description

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.

Affected products

SAP/CRM WebClient UIllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: S4FND 102

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3465129mitre
support.sap.com/en/my-support/knowledge-base/security-notes-news.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000