Description
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- SAP_SE / SAP CRM WebClient UIS4FND 102 – S4FND 102
- SAP_SE / SAP CRM WebClient UI103 – 103
- SAP_SE / SAP CRM WebClient UI104 – 104
- SAP_SE / SAP CRM WebClient UI105 – 105
- SAP_SE / SAP CRM WebClient UI106 – 106
- SAP_SE / SAP CRM WebClient UI107 – 107
- SAP_SE / SAP CRM WebClient UIWEBCUIF 700 – WEBCUIF 700
- SAP_SE / SAP CRM WebClient UI701 – 701
- SAP_SE / SAP CRM WebClient UI730 – 730
- SAP_SE / SAP CRM WebClient UI731 – 731
- SAP_SE / SAP CRM WebClient UI746 – 746
- SAP_SE / SAP CRM WebClient UI747 – 747
- SAP_SE / SAP CRM WebClient UI748 – 748
- SAP_SE / SAP CRM WebClient UI800 – 800
- SAP_SE / SAP CRM WebClient UI801 – 801