CVE-2019-0368

2019-10-0819:17:44

sap

www.cve.org

EPSS

0.001

Percentile

22.7%

JSON

SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.

CNA Affected

[
  {
    "product": "SAP Customer Relationship Management (Email Management - S4CRM)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.0"
      },
      {
        "status": "affected",
        "version": "< 2.0"
      }
    ]
  },
  {
    "product": "SAP Customer Relationship Management (Email Management - BBPCRM)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.0"
      },
      {
        "status": "affected",
        "version": "< 7.01"
      },
      {
        "status": "affected",
        "version": "< 7.02"
      },
      {
        "status": "affected",
        "version": "< 7.12"
      },
      {
        "status": "affected",
        "version": "< 7.13"
      },
      {
        "status": "affected",
        "version": "< 7.14"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2751806

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2019-0368