Sap Customer Relationship Management S4fnd — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Customer Relationship Management S4fnd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2024-37173 — CVSS 6.1 (medium): Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious…
CVE-2024-37174 — CVSS 6.1 (medium): Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting…
CVE-2024-39598 — CVSS 5.0 (medium): SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by…
CVE-2024-37175 — CVSS 4.3 (medium): SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This…