VYPR

CRM

by SAP

CVEs (6)

  • CVE-2017-15296HigOct 16, 2017
    risk 0.57cvss 8.8epss 0.01

    The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.

  • CVE-2017-15294MedOct 16, 2017
    risk 0.40cvss 6.1epss 0.01

    The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.

  • CVE-2015-3980May 12, 2015
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.

  • CVE-2015-3979May 12, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.

  • CVE-2014-1962Feb 14, 2014
    risk 0.00cvss epss 0.01

    Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.

  • CVE-2013-7095Dec 13, 2013
    risk 0.00cvss epss 0.02

    The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.