Customer Relationship Management Security Vulnerabilities


CVE-2013-7095

The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.

6.7 AI Score

0.004 EPSS

2013-12-13 08:08 PM

CVE-2014-1962

Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.

6.4 AI Score

0.002 EPSS

2014-02-14 03:55 PM

CVE-2014-8669

The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.

8 AI Score

0.042 EPSS

2022-10-03 04:20 PM

CVE-2015-3979

Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.

7.7 AI Score

0.007 EPSS

2015-05-12 08:59 PM

CVE-2015-3980

SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.

8.5 AI Score

0.001 EPSS

2015-05-12 08:59 PM

CVE-2017-15294

The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.

6.1 CVSS

6.2 AI Score

0.001 EPSS

2017-10-16 04:29 PM

CVE-2017-15296

The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.

8.8 CVSS

8.6 AI Score

0.001 EPSS

2017-10-16 04:29 PM

CVE-2018-2380

SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

6.6 CVSS

6.4 AI Score

0.023 EPSS

2018-03-01 05:29 PM
In Wild

CVE-2021-33676

A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.

7.2 CVSS

6.8 AI Score

0.001 EPSS

2021-07-14 12:15 PM

CVE-2023-27897

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depe...

6.3 CVSS

6.4 AI Score

0.001 EPSS

2023-04-11 03:15 AM

CVE-2023-3058

A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public ...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2023-06-02 01:15 PM

CVE-2023-5020

A vulnerability, which was classified as critical, has been found in 07FLY CRM V2. This issue affects some unknown processing of the file /index.php/sysmanage/Login/login_auth/ of the component Administrator Login Page. The manipulation of the argument account leads to sql injection. The attack may...

9.8 CVSS

9.7 AI Score

0.001 EPSS

2023-09-17 05:15 AM