Vulnerabilities > CVE-2024-34686 - Unspecified vulnerability in SAP Customer Relationship Management Webclient UI

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2024-06-11

Updated: 2024-11-21

Summary

Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Customer Relationship Management Webclient UI 731 SAP Customer Relationship Management Webclient UI 730 SAP Customer Relationship Management Webclient UI 746 SAP Customer Relationship Management Webclient UI 747 SAP Customer Relationship Management Webclient UI 748 SAP Customer Relationship Management Webclient UI 800 SAP Customer Relationship Management Webclient UI 801 SAP Customer Relationship Management Webclient UI 701 SAP Customer Relationship Management Webclient UI S4Fnd_102 SAP Customer Relationship Management Webclient UI Webcuif_700 SAP Customer Relationship Management Webclient UI 103 SAP Customer Relationship Management Webclient UI 104 SAP Customer Relationship Management Webclient UI 105 SAP Customer Relationship Management Webclient UI 106 SAP Customer Relationship Management Webclient UI 107	15

Summary

Vulnerable Configurations

References