Vulnerabilities > SAP > Customer Relationship Management S4Fnd > 108

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-09	CVE-2024-37175	Unspecified vulnerability in SAP products SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. network low complexity sap	6.5
2024-07-09	CVE-2024-37173	Unspecified vulnerability in SAP products Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. network low complexity sap	6.1
2024-07-09	CVE-2024-37174	Unspecified vulnerability in SAP products Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. network low complexity sap	6.1
2024-07-09	CVE-2024-39598	Unspecified vulnerability in SAP products SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. network low complexity sap	7.7

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.