10 matches found
CVE-2018-2380
CVE-2018-2380 affects SAP CRM running on SAP NetWeaver (CRM versions 7.01, 7.02, 7.30, 7.31, 7.33, 7.54). The issue is a directory traversal vulnerability caused by insufficient validation of user-supplied path information, allowing traversal sequences to be passed to file APIs. Remediation is av...
CVE-2017-15294
CVE-2017-15294 affects SAP CRM’s Java administration console, with a cross-site scripting vulnerability in the Java-based admin UI. Root cause: insufficient input validation/execution of arbitrary script in a browser. Impact: browser-based XSS; CVSSv3 base score 6.1 (MEDIUM), network access, no p...
CVE-2014-1962
This CVE concerns SAP CRM’s Gwsync component in SAP CRM 7.02 EHP2, where an XML External Entity (XXE) issue could allow remote attackers to obtain sensitive information. The underlying cause is XXE processing flaws in the affected workflow, enabling information disclosure without involving integr...
CVE-2017-15296
The CVE-2017-15296 vulnerability affects the Java component of SAP Customer Relationship Management (SAP CRM). The issue is a Cross-Site Request Forgery (CSRF) vulnerability described in SAP Security Note 2478964. Exploitation could allow an attacker to perform unauthorized operations within SAP ...
CVE-2021-33676
CVE-2021-33676 involves a missing authority check in SAP CRM ABAP components affecting versions 700, 701, 702, 712, 713, and 714. The Red Hat and NVD records corroborate that this design/authorization flaw could enable a user with high privileges to compromise the system’s confidentiality, integr...
CVE-2015-3979
The CVE-2015-3979 entry concerns SAP CRM’s Business Rules Framework (CRM-BF-BRF) in SAP CRM. A connected CNVD record notes a concrete vulnerability where input submitted by users is not properly filtered, allowing remote attackers to exploit it by sending specially crafted requests to execute arb...
CVE-2015-3980
The SAP CRM vulnerability CVE-2015-3980 affects the Business Rules Framework (CRM-BF-BRF) in SAP CRM. It is a SQL injection flaw that lets attackers remotely submit specially crafted SQL queries to the backend, enabling data manipulation or disclosure. Root cause appears to be unsafe SQL handling...
CVE-2013-7095
CVE-2013-7095 concerns the XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2, with an XML External Entity (XXE) issue. The connected sources indicate the impact and attack vectors are unknown. No explicit exploit details, affected versions beyond 7.02 EHP 2, or r...
CVE-2023-27897
Affected software: SAP CRM versions 700–713. Vulnerability: An attacker authenticated with a non-administrative role and common remote-execution authorization can use a vulnerable interface to execute a function, performing actions they normally could not. This can have limited impact on confiden...
CVE-2014-8669
Technical details about CVE-2014-8669 are not publicly provided in the supplied documents; no specifics on affected versions, vectors, or impact. Monitor for updates.