Vulnerabilities > SAP > Customer Relationship Management

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-33676 Missing Authorization vulnerability in SAP Customer Relationship Management
A missing authority check in SAP CRM, versions 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.
network
low complexity
sap CWE-862
6.5
2018-03-01 CVE-2018-2380 Path Traversal vulnerability in SAP Customer Relationship Management
SAP CRM 7.01, 7.02, 7.30, 7.31, 7.33, 7.54 allows an attacker to exploit insufficient validation of path information provided by users, so that characters representing "traverse to parent directory" are passed through to the file APIs.
network
low complexity
sap CWE-22
6.5
2017-10-16 CVE-2017-15296 Cross-Site Request Forgery (CSRF) vulnerability in SAP Customer Relationship Management
The Java component in SAP CRM has CSRF.
network
sap CWE-352
6.8
2017-10-16 CVE-2017-15294 Cross-site Scripting vulnerability in SAP Customer Relationship Management
The Java administration console in SAP CRM has XSS.
network
sap CWE-79
4.3
2015-05-12 CVE-2015-3980 SQL Injection vulnerability in SAP Customer Relationship Management
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.
network
low complexity
sap CWE-89
7.5
2015-05-12 CVE-2015-3979 Arbitrary Code Execution vulnerability in SAP Business Rules Framework
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.
network
low complexity
sap
7.5
2014-11-06 CVE-2014-8669 Code Injection vulnerability in SAP Customer Relationship Management
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
sap CWE-94
critical
10.0
2014-02-14 CVE-2014-1962 Information Exposure vulnerability in SAP Customer Relationship Management 7.02
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.
network
low complexity
sap CWE-200
5.0
2013-12-13 CVE-2013-7095 Unspecified vulnerability in SAP Customer Relationship Management 7.02
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
network
low complexity
sap
critical
10.0