Unrated severityNVD Advisory· Published Jul 9, 2024· Updated Aug 2, 2024

[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)

CVE-2024-37173

Description

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.

Affected products

SAP/CRM WebClient UIllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: S4FND 102

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3467377mitre
url.sap/sapsecuritypatchdaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000