Description
Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the appliaction data after successful exploitation.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None
Affected products
- SAP_SE / SAP CRM WebClient UIS4FND 102 – S4FND 102
- SAP_SE / SAP CRM WebClient UIS4FND 103 – S4FND 103
- SAP_SE / SAP CRM WebClient UIS4FND 104 – S4FND 104
- SAP_SE / SAP CRM WebClient UIS4FND 105 – S4FND 105
- SAP_SE / SAP CRM WebClient UIS4FND 106 – S4FND 106
- SAP_SE / SAP CRM WebClient UIS4FND 107 – S4FND 107
- SAP_SE / SAP CRM WebClient UIS4FND 108 – S4FND 108
- SAP_SE / SAP CRM WebClient UIWEBCUIF 700 – WEBCUIF 700
- SAP_SE / SAP CRM WebClient UIWEBCUIF 701 – WEBCUIF 701
- SAP_SE / SAP CRM WebClient UIWEBCUIF 730 – WEBCUIF 730
- SAP_SE / SAP CRM WebClient UIWEBCUIF 731 – WEBCUIF 731
- SAP_SE / SAP CRM WebClient UIWEBCUIF 746 – WEBCUIF 746
- SAP_SE / SAP CRM WebClient UIWEBCUIF 747 – WEBCUIF 747
- SAP_SE / SAP CRM WebClient UIWEBCUIF 748 – WEBCUIF 748
- SAP_SE / SAP CRM WebClient UIWEBCUIF 800 – WEBCUIF 800
- SAP_SE / SAP CRM WebClient UIWEBCUIF 801 – WEBCUIF 801