Sap Customer Relationship Management Webclient Ui — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Customer Relationship Management Webclient Ui, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2018-2364 — CVSS 6.1 (medium): SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields…
CVE-2024-34686 — CVSS 6.1 (medium): Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious…
CVE-2024-37173 — CVSS 6.1 (medium): Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious…
CVE-2024-37174 — CVSS 6.1 (medium): Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting…
CVE-2019-0244 — CVSS 5.4 (medium): SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode…
CVE-2024-39598 — CVSS 5.0 (medium): SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by…
CVE-2024-37175 — CVSS 4.3 (medium): SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This…
CVE-2023-24525 — CVSS 4.3 (medium): SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in…