NVD:CVE-2023-24525
History: Feb 14, 2023 - 4:15 a.m.

CVE-2023-24525

2023-02-14 04:15:12
CWE-79
web.nvd.nist.gov

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 21.2%

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.

Affected configurations

NVD

Node
sap customer_relationship_management_webclient_ui Match 7.00
OR
sap customer_relationship_management_webclient_ui Match 7.01
OR
sap customer_relationship_management_webclient_ui Match 7.02
OR
sap customer_relationship_management_webclient_ui Match 7.31
OR
sap customer_relationship_management_webclient_ui Match 7.40
OR
sap customer_relationship_management_webclient_ui Match 7.48
OR
sap customer_relationship_management_webclient_ui Match 7.50
OR
sap customer_relationship_management_webclient_ui Match 7.52
OR
sap customer_relationship_management_webclient_ui Match 8.00
OR
sap customer_relationship_management_webclient_ui Match 8.01

Node
sap s4fnd Match 1.02
OR
sap s4fnd Match 1.03
