Lucene search

[email protected]CVE-2023-30742

HistoryMay 09, 2023 - 2:15 a.m.

CVE-2023-30742

2023-05-0902:15:12

CWE-79

[email protected]

web.nvd.nist.gov

sap

crm

webclient ui

xss

vulnerability

cve-2023-30742

nvd

security

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.5%

JSON

SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user’s session. The information from the victim’s session could then be modified or read by the attacker.

Affected configurations

NVD

Node

sapcustomer_relationship_management_s4fndMatch102

sapcustomer_relationship_management_s4fndMatch103

sapcustomer_relationship_management_s4fndMatch104

sapcustomer_relationship_management_s4fndMatch105

sapcustomer_relationship_management_s4fndMatch106

sapcustomer_relationship_management_s4fndMatch107

sapcustomer_relationship_management_webclient_uiMatch700

sapcustomer_relationship_management_webclient_uiMatch701

sapcustomer_relationship_management_webclient_uiMatch731

sapcustomer_relationship_management_webclient_uiMatch746

sapcustomer_relationship_management_webclient_uiMatch747

sapcustomer_relationship_management_webclient_uiMatch748

sapcustomer_relationship_management_webclient_uiMatch800

sapcustomer_relationship_management_webclient_uiMatch801

CPENameOperatorVersion
sap:customer_relationship_management_s4fndsap customer relationship management s4fndeq102
sap:customer_relationship_management_s4fndsap customer relationship management s4fndeq103
sap:customer_relationship_management_s4fndsap customer relationship management s4fndeq104
sap:customer_relationship_management_s4fndsap customer relationship management s4fndeq105
sap:customer_relationship_management_s4fndsap customer relationship management s4fndeq106
sap:customer_relationship_management_s4fndsap customer relationship management s4fndeq107
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq700
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq701
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq731
sap:customer_relationship_management_webclient_uisap customer relationship management webclient uieq746

CPE	Name	Operator	Version
sap:customer_relationship_management_s4fnd	sap customer relationship management s4fnd	eq	102
sap:customer_relationship_management_s4fnd	sap customer relationship management s4fnd	eq	103
sap:customer_relationship_management_s4fnd	sap customer relationship management s4fnd	eq	104
sap:customer_relationship_management_s4fnd	sap customer relationship management s4fnd	eq	105
sap:customer_relationship_management_s4fnd	sap customer relationship management s4fnd	eq	106
sap:customer_relationship_management_s4fnd	sap customer relationship management s4fnd	eq	107
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	700
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	701
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	731
sap:customer_relationship_management_webclient_ui	sap customer relationship management webclient ui	eq	746

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP CRM (WebClient UI)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4FND 102"
      },
      {
        "status": "affected",
        "version": "S4FND 103"
      },
      {
        "status": "affected",
        "version": "S4FND 104"
      },
      {
        "status": "affected",
        "version": "S4FND 105"
      },
      {
        "status": "affected",
        "version": "S4FND 106"
      },
      {
        "status": "affected",
        "version": "S4FND 107"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 700"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 701"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 731"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 746"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 747"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 748"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 800"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 801"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3315971

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.5%

JSON

Related for CVE-2023-30742

cvelist1 prion1 nvd1