CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
18.8%
SAP CRM (WebClient UI Framework) allows an
authenticated attacker to enumerate accessible HTTP endpoints in the internal
network by specially crafting HTTP requests. On successful exploitation this
can result in information disclosure. It has no impact on integrity and
availability of the application.
Vendor | Product | Version | CPE |
---|---|---|---|
sap | customer_relationship_management_s4fnd | 102 | cpe:2.3:a:sap:customer_relationship_management_s4fnd:102:*:*:*:*:*:*:* |
sap | customer_relationship_management_s4fnd | 103 | cpe:2.3:a:sap:customer_relationship_management_s4fnd:103:*:*:*:*:*:*:* |
sap | customer_relationship_management_s4fnd | 104 | cpe:2.3:a:sap:customer_relationship_management_s4fnd:104:*:*:*:*:*:*:* |
sap | customer_relationship_management_s4fnd | 105 | cpe:2.3:a:sap:customer_relationship_management_s4fnd:105:*:*:*:*:*:*:* |
sap | customer_relationship_management_s4fnd | 106 | cpe:2.3:a:sap:customer_relationship_management_s4fnd:106:*:*:*:*:*:*:* |
sap | customer_relationship_management_s4fnd | 107 | cpe:2.3:a:sap:customer_relationship_management_s4fnd:107:*:*:*:*:*:*:* |
sap | customer_relationship_management_s4fnd | 108 | cpe:2.3:a:sap:customer_relationship_management_s4fnd:108:*:*:*:*:*:*:* |
sap | customer_relationship_management_webclient_ui | 701 | cpe:2.3:a:sap:customer_relationship_management_webclient_ui:701:*:*:*:*:*:*:* |
sap | customer_relationship_management_webclient_ui | 731 | cpe:2.3:a:sap:customer_relationship_management_webclient_ui:731:*:*:*:*:*:*:* |
sap | customer_relationship_management_webclient_ui | 746 | cpe:2.3:a:sap:customer_relationship_management_webclient_ui:746:*:*:*:*:*:*:* |