CVE-2024-24742
Published Feb 13, 2024
Last updated a month ago
Overview
- Description
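- SAP CRM WebClient UI, versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 and WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with low privileges can cause limited impact to the integrity of the application data. There is no impact on confidentiality or availability. Per the CVSS vector listed under Risk scores, the issue is reachable over the network, requires interaction by a victim user (UI:R), and has changed scope (S:C): the injected script runs in the victim's browser rather than in the vulnerable component itself.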
- Source
- cna@sap.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.1
- Impact score
- 1.4
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- cna@sap.com
- CWE-79
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_102:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81008DC2-A6AC-443B-97C7-FA176CAFB872" }, { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_103:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B47A1AF2-1AA2-473B-B827-3415E92B724D" }, { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_104:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FEBF928-D10C-4CAB-A109-DC90EE5BAC70" }, { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_105:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BD0435C-EE87-4BCF-B4D6-07E29ABECD8E" }, { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_106:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF8E42A5-BEA3-479E-A24F-67136AB59818" }, { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66F16184-257A-4FC3-9F06-42C7396DFC94" }, { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C43D99F4-67FF-445C-AB52-B7A7E1C331FC" }, { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_746:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9F31DDF-CE56-4FAF-86B1-EADE327D50D3" }, { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_747:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D10EDE57-6B7A-478E-8873-8EF1340CB0BC" }, { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_748:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACA5B5AA-7045-4784-ABF7-490F3F81FAC9" }, { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7BD98EF-ABCC-4F39-A52B-B905E5062C1E" }, { "criteria": "cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_801:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AB3A28B-D89F-43C4-BE3D-D1B9A0487B51" } ], "operator": "OR" } ] } ]