Lucene search
+L
SapCustomer Relationship Management

10 matches found

CVE
CVE
added 2018/03/01 5:0 p.m.1060 views

CVE-2018-2380

CVE-2018-2380 affects SAP CRM running on SAP NetWeaver (CRM versions 7.01, 7.02, 7.30, 7.31, 7.33, 7.54). The issue is a directory traversal vulnerability caused by insufficient validation of user-supplied path information, allowing traversal sequences to be passed to file APIs. Remediation is av...

6.6CVSS6.4AI score0.28892EPSS
In wild
CVE
CVE
added 2017/10/16 4:0 p.m.58 views

CVE-2017-15294

CVE-2017-15294 affects SAP CRM’s Java administration console, with a cross-site scripting vulnerability in the Java-based admin UI. Root cause: insufficient input validation/execution of arbitrary script in a browser. Impact: browser-based XSS; CVSSv3 base score 6.1 (MEDIUM), network access, no p...

6.1CVSS6.2AI score0.00976EPSS
CVE
CVE
added 2014/02/14 3:0 p.m.54 views

CVE-2014-1962

This CVE concerns SAP CRM’s Gwsync component in SAP CRM 7.02 EHP2, where an XML External Entity (XXE) issue could allow remote attackers to obtain sensitive information. The underlying cause is XXE processing flaws in the affected workflow, enabling information disclosure without involving integr...

5CVSS6.4AI score0.01474EPSS
CVE
CVE
added 2017/10/16 4:0 p.m.54 views

CVE-2017-15296

The CVE-2017-15296 vulnerability affects the Java component of SAP Customer Relationship Management (SAP CRM). The issue is a Cross-Site Request Forgery (CSRF) vulnerability described in SAP Security Note 2478964. Exploitation could allow an attacker to perform unauthorized operations within SAP ...

8.8CVSS8.6AI score0.00545EPSS
CVE
CVE
added 2021/07/14 11:3 a.m.52 views

CVE-2021-33676

CVE-2021-33676 involves a missing authority check in SAP CRM ABAP components affecting versions 700, 701, 702, 712, 713, and 714. The Red Hat and NVD records corroborate that this design/authorization flaw could enable a user with high privileges to compromise the system’s confidentiality, integr...

7.2CVSS6.8AI score0.00911EPSS
CVE
CVE
added 2015/05/12 8:0 p.m.49 views

CVE-2015-3979

The CVE-2015-3979 entry concerns SAP CRM’s Business Rules Framework (CRM-BF-BRF) in SAP CRM. A connected CNVD record notes a concrete vulnerability where input submitted by users is not properly filtered, allowing remote attackers to exploit it by sending specially crafted requests to execute arb...

7.5CVSS7.7AI score0.02446EPSS
CVE
CVE
added 2015/05/12 8:0 p.m.48 views

CVE-2015-3980

The SAP CRM vulnerability CVE-2015-3980 affects the Business Rules Framework (CRM-BF-BRF) in SAP CRM. It is a SQL injection flaw that lets attackers remotely submit specially crafted SQL queries to the backend, enabling data manipulation or disclosure. Root cause appears to be unsafe SQL handling...

7.5CVSS8.5AI score0.01436EPSS
CVE
CVE
added 2013/12/13 7:0 p.m.47 views

CVE-2013-7095

CVE-2013-7095 concerns the XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2, with an XML External Entity (XXE) issue. The connected sources indicate the impact and attack vectors are unknown. No explicit exploit details, affected versions beyond 7.02 EHP 2, or r...

10CVSS6.7AI score0.02064EPSS
CVE
CVE
added 2023/04/11 2:50 a.m.45 views

CVE-2023-27897

Affected software: SAP CRM versions 700–713. Vulnerability: An attacker authenticated with a non-administrative role and common remote-execution authorization can use a vulnerable interface to execute a function, performing actions they normally could not. This can have limited impact on confiden...

6.3CVSS6.3AI score0.00651EPSS
CVE
CVE
added 2014/11/06 3:0 p.m.42 views

CVE-2014-8669

Technical details about CVE-2014-8669 are not publicly provided in the supplied documents; no specifics on affected versions, vectors, or impact. Monitor for updates.

10CVSS8AI score0.05481EPSS