Lucene search

SapCVELIST:CVE-2023-24525

HistoryFeb 14, 2023 - 3:18 a.m.

CVE-2023-24525

2023-02-1403:18:24

CWE-79

sap

www.cve.org

sap

crm

xss

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

23.5%

JSON

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CRM (WebClient UI)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "WEBCUIF 748"
      },
      {
        "status": "affected",
        "version": "800"
      },
      {
        "status": "affected",
        "version": "801"
      },
      {
        "status": "affected",
        "version": "S4FND 102"
      },
      {
        "status": "affected",
        "version": "103"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2788178

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

23.5%

JSON

Related for CVELIST:CVE-2023-24525