Vulnerabilities > SAP > Customer Relationship Management > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-14 | CVE-2021-33676 | Missing Authorization vulnerability in SAP Customer Relationship Management A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. | 6.5 |
| 2018-03-01 | CVE-2018-2380 | Path Traversal vulnerability in SAP Customer Relationship Management SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | 6.5 |
| 2017-10-16 | CVE-2017-15296 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Customer Relationship Management The Java component in SAP CRM has CSRF. | 6.8 |
| 2017-10-16 | CVE-2017-15294 | Cross-site Scripting vulnerability in SAP Customer Relationship Management The Java administration console in SAP CRM has XSS. | 4.3 |
| 2014-02-14 | CVE-2014-1962 | Information Exposure vulnerability in SAP Customer Relationship Management 7.02 Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | 5.0 |