CVE-2019-0244
Published Jan 8, 2019
Last updated 6 years ago
Overview
- Description
- SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
- Source
- cna@sap.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "470B27E7-C245-43B3-9ED0-545A06158114" }, { "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.46:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DA5DC54-236B-4832-AA79-6EC111EFFBF7" }, { "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.47:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4056C921-05B8-4465-96CD-429B520AA6B8" }, { "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.48:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6CBB62D-FDA3-4A23-9175-B9171EA9CE7D" }, { "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1440F085-EB15-4910-8AB8-C72E67B8B39E" }, { "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8D60B19-8578-40AF-9A09-5D6EB8D2DB40" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:s4fnd:1.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A88FFDD-4967-4E81-8E44-3F4A7BCCE943" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sapscore:1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16B411D4-96AC-4706-97EA-E2694319154A" } ], "operator": "OR" } ] } ]