CVE-2024-37174

Published Jul 9, 2024

Last updated 3 months ago

CVSS medium 6.1

Overview

Description: Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_s4fnd:102:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8E0DA63-3FA7-4CC4-A14E-852A632C41BC"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_s4fnd:103:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "378861FE-CD5D-49A9-8245-538A91190064"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_s4fnd:104:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA1262DB-E4C8-4298-B423-5EF859CE722F"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_s4fnd:105:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9D85325-56C8-4043-BDA8-C94FE946B912"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_s4fnd:106:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42A51853-E87F-47A3-A257-86B28F8F4607"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_s4fnd:107:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2250BB48-10D6-480F-AE9F-10582674CC9A"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_s4fnd:108:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39AF19C9-275E-41E7-B80A-34E31620ABBA"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:701:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F220D25-9344-482A-A36C-9D743EA55DE8"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:731:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48791122-7265-4C51-8AEB-DEBC199F9A7F"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:746:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9EEA160-B4B4-45E9-84C8-C26E52D6F329"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:747:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BDBE717-ADB6-4080-A198-E468080F82B2"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:748:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B8775BD-EAB8-4F08-B65D-35B704C0E36B"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BFCEADC-7359-470F-A412-5B2808CF6069"
          },
          {
            "criteria": "cpe:2.3:a:sap:customer_relationship_management_webclient_ui:801:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A387786F-F4F6-44FC-B969-6FB92A1AA096"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References