Lucene search

[email protected]CVE-2023-29188

HistoryMay 09, 2023 - 1:15 a.m.

CVE-2023-29188

2023-05-0901:15:08

CWE-79

[email protected]

web.nvd.nist.gov

sap

crm

webclient

sapscore

s4fnd

webcuif

xss

cross-site scripting

vulnerability

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.7%

JSON

SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.

Affected configurations

NVD

Node

sapcustomer_relationship_management_webclient_uiMatch7.01

sapcustomer_relationship_management_webclient_uiMatch7.31

sapcustomer_relationship_management_webclient_uiMatch7.46

sapcustomer_relationship_management_webclient_uiMatch7.47

sapcustomer_relationship_management_webclient_uiMatch7.48

sapcustomer_relationship_management_webclient_uiMatch8.00

sapcustomer_relationship_management_webclient_uiMatch8.01

saps4fndMatch1.02

saps4fndMatch102

saps4fndMatch103

saps4fndMatch104

saps4fndMatch105

saps4fndMatch106

saps4fndMatch107

sapsapscoreMatch129

CPENameOperatorVersion
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq7.01
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq7.31
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq7.46
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq7.47
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq7.48
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq8.00
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq8.01
sap:s4fndsap s4fndeq1.02
sap:s4fndsap s4fndeq102
sap:s4fndsap s4fndeq103

CPE	Name	Operator	Version
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	7.01
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	7.31
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	7.46
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	7.47
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	7.48
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	8.00
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	8.01
sap:s4fnd	sap s4fnd	eq	1.02
sap:s4fnd	sap s4fnd	eq	102
sap:s4fnd	sap s4fnd	eq	103

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP CRM WebClient UI",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAPSCORE 129"
      },
      {
        "status": "affected",
        "version": "S4FND 102"
      },
      {
        "status": "affected",
        "version": "S4FND 103"
      },
      {
        "status": "affected",
        "version": "S4FND 104"
      },
      {
        "status": "affected",
        "version": "S4FND 105"
      },
      {
        "status": "affected",
        "version": "S4FND 106"
      },
      {
        "status": "affected",
        "version": "S4FND 107"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 701"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 731"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 746"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 747"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 748"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 800"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 801"
      }
    ]
  }
]

References

i7p.wdf.sap.corp/sap/support/notes/3315979

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html