CVE-2024-34686

🗓️ 11 Jun 2024 02:11:49Reported by sapType

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link with a malicious script, potentially compromising victim's browser

Reporter	Title	Published	Views	Family All 9
CNNVD	SAP CRM Cross-Site Scripting Vulnerability	11 Jun 202400:00	–	cnnvd
Cvelist	CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)	11 Jun 202402:11	–	cvelist
EUVD	EUVD-2024-34985	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	11 Jun 202412:37	–	ncsc
NVD	CVE-2024-34686	11 Jun 202403:15	–	nvd
OSV	CVE-2024-34686	11 Jun 202403:15	–	osv
Positive Technologies	PT-2024-26106 · Sap · Sap Crm Webclient Ui	10 Jun 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-34686	23 May 202508:47	–	redhatcve
Vulnrichment	CVE-2024-34686 Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)	11 Jun 202402:11	–	vulnrichment

NVD

Vulners

Vulnrichment

Node

sap customer_relationship_management_webclient_uiMatch103

sap customer_relationship_management_webclient_uiMatch104

sap customer_relationship_management_webclient_uiMatch105

sap customer_relationship_management_webclient_uiMatch106

sap customer_relationship_management_webclient_uiMatch107

sap customer_relationship_management_webclient_uiMatch701

sap customer_relationship_management_webclient_uiMatch730

sap customer_relationship_management_webclient_uiMatch731

sap customer_relationship_management_webclient_uiMatch746

sap customer_relationship_management_webclient_uiMatch747

sap customer_relationship_management_webclient_uiMatch748

sap customer_relationship_management_webclient_uiMatch800

sap customer_relationship_management_webclient_uiMatch801

sap customer_relationship_management_webclient_uiMatchs4fnd_102

sap customer_relationship_management_webclient_uiMatchwebcuif_700

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP CRM WebClient UI",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4FND 102"
      },
      {
        "status": "affected",
        "version": "103"
      },
      {
        "status": "affected",
        "version": "104"
      },
      {
        "status": "affected",
        "version": "105"
      },
      {
        "status": "affected",
        "version": "106"
      },
      {
        "status": "affected",
        "version": "107"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 700"
      },
      {
        "status": "affected",
        "version": "701"
      },
      {
        "status": "affected",
        "version": "730"
      },
      {
        "status": "affected",
        "version": "731"
      },
      {
        "status": "affected",
        "version": "746"
      },
      {
        "status": "affected",
        "version": "747"
      },
      {
        "status": "affected",
        "version": "748"
      },
      {
        "status": "affected",
        "version": "800"
      },
      {
        "status": "affected",
        "version": "801"
      }
    ]
  }
]

Source	Link
support	www.support.sap.com/en/my-support/knowledge-base/security-notes-news.html
me	www.me.sap.com/notes/3465129

17 Jun 2026 07:33Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.1

EPSS0.00266

SSVC

CWE-79