Vulnerabilities > SAP > Customer Relationship Management

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-04-11 | CVE-2023-27897 | Code Injection vulnerability in SAP Customer Relationship Management | In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. | network | low complexity | sap | CWE-94 | 6.3 |
| 2021-07-14 | CVE-2021-33676 | Missing Authorization vulnerability in SAP Customer Relationship Management | A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. | network | low complexity | sap | CWE-862 | 7.2 |
| 2018-03-01 | CVE-2018-2380 | Path Traversal vulnerability in SAP Customer Relationship Management | SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | network | low complexity | sap | CWE-22 | 6.6 |
| 2017-10-16 | CVE-2017-15296 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Customer Relationship Management | The Java component in SAP CRM has CSRF. | network | low complexity | sap | CWE-352 | 8.8 |
| 2017-10-16 | CVE-2017-15294 | Cross-site Scripting vulnerability in SAP Customer Relationship Management | The Java administration console in SAP CRM has XSS. | network | low complexity | sap | CWE-79 | 6.1 |