CVE-2019-0368

Published Oct 8, 2019

Last updated 5 years ago

CVSS medium 5.4

Overview

Description: SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "149C02A7-B5B7-4753-AF3D-9AE2DD3A2694"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C45E5362-8858-4297-BF1D-C1B622D9DA1A"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC179EE9-0B4E-4C17-8A52-24A1FF1917AC"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54EAF890-CBC9-4189-8CAD-A84D7E26C39F"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E15EC084-FE80-429E-B0DA-046EDADB8C51"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_bbpcrm:7.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "277FB4D5-3A87-43C1-BAD8-907BC4B3C9CF"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_s4crm:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A67C09B3-26CD-43C2-AE41-DD131C975848"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_s4crm:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A682DEE4-75DE-411F-9F95-4AD1035B4193"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References