VYPR

Customer Relationship Management

by SAP

CVEs (9)

  • CVE-2017-15296HigOct 16, 2017
    risk 0.57cvss 8.8epss 0.01

    The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.

  • CVE-2017-15294MedOct 16, 2017
    risk 0.40cvss 6.1epss 0.01

    The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.

  • CVE-2023-34548Jun 16, 2023
    risk 0.00cvss epss 0.01

    Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.

  • CVE-2019-0368Oct 8, 2019
    risk 0.00cvss epss 0.01

    SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.

  • CVE-2015-3980May 12, 2015
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.

  • CVE-2015-3979May 12, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.

  • CVE-2014-8669Nov 6, 2014
    risk 0.00cvss epss 0.05

    The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2014-1962Feb 14, 2014
    risk 0.00cvss epss 0.01

    Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.

  • CVE-2013-7095Dec 13, 2013
    risk 0.00cvss epss 0.02

    The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.