Lucene search

[email protected]CVE-2023-29189

HistoryApr 11, 2023 - 4:16 a.m.

CVE-2023-29189

2023-04-1104:16:09

CWE-23

[email protected]

web.nvd.nist.gov

sap crm

webclient ui

http verbs

form fields

cve-2023-29189

vulnerability

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields

Affected configurations

NVD

Node

sapcustomer_relationship_management_s4fndMatch102

sapcustomer_relationship_management_s4fndMatch103

sapcustomer_relationship_management_s4fndMatch104

sapcustomer_relationship_management_s4fndMatch105

sapcustomer_relationship_management_webclient_uiMatch700

sapcustomer_relationship_management_webclient_uiMatch701

sapcustomer_relationship_management_webclient_uiMatch730

sapcustomer_relationship_management_webclient_uiMatch731

sapcustomer_relationship_management_webclient_uiMatch746

sapcustomer_relationship_management_webclient_uiMatch747

sapcustomer_relationship_management_webclient_uiMatch748

sapcustomer_relationship_management_webclient_uiMatch800

sapcustomer_relationship_management_webclient_uiMatch801

CPENameOperatorVersion
sap:customer_relationship_management_s4fndsap customer relationship management s4fndeq102
sap:customer_relationship_management_s4fndsap customer relationship management s4fndeq103
sap:customer_relationship_management_s4fndsap customer relationship management s4fndeq104
sap:customer_relationship_management_s4fndsap customer relationship management s4fndeq105
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq700
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq701
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq730
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq731
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq746
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq747

CPE	Name	Operator	Version
sap:customer_relationship_management_s4fnd	sap customer relationship management s4fnd	eq	102
sap:customer_relationship_management_s4fnd	sap customer relationship management s4fnd	eq	103
sap:customer_relationship_management_s4fnd	sap customer relationship management s4fnd	eq	104
sap:customer_relationship_management_s4fnd	sap customer relationship management s4fnd	eq	105
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	700
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	701
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	730
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	731
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	746
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	747

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CRM (WebClient UI)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "S4FND 102"
      },
      {
        "status": "affected",
        "version": "S4FND 103"
      },
      {
        "status": "affected",
        "version": "S4FND 104"
      },
      {
        "status": "affected",
        "version": "S4FND 105"
      },
      {
        "status": "affected",
        "version": "S4FND 106"
      },
      {
        "status": "affected",
        "version": "S4FND 107"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 700"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 701"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 731"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 730"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 746"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 747"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 748"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 800"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 801"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3269352

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

Related for CVE-2023-29189

cvelist1 nvd1 prion1