cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-37175,https://securityvulnerability.io/vulnerability/CVE-2024-37175,SAP CRM WebClient Authentication Vulnerability Allows Escalation of Privileges,"SAP CRM WebClient does not
perform necessary authorization check for an authenticated user, resulting in
escalation of privileges. This could allow an attacker to access some sensitive
information.",SAP,SAP Crm Webclient Ui,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-07-09T04:07:21.612Z,0
CVE-2024-39598,https://securityvulnerability.io/vulnerability/CVE-2024-39598,SAP CRM Vulnerability: Authenticated Attacker can Enumerate Accessible HTTP Endpoints,"The SAP CRM WebClient UI Framework is susceptible to a vulnerability that allows authenticated attackers to craft specific HTTP requests. By exploiting this flaw, attackers can enumerate the HTTP endpoints available within the internal network. Although this vulnerability does not affect the integrity or availability of the application, it poses a significant risk of information disclosure. Organizations utilizing this product should prioritize mitigating this vulnerability to protect sensitive information from unauthorized access.",SAP,SAP Crm Webclient Ui,7.7,HIGH,0.0004900000058114529,false,false,false,false,,false,false,2024-07-09T04:04:41.283Z,0
CVE-2024-37174,https://securityvulnerability.io/vulnerability/CVE-2024-37174,SAP CRM WebClient Cross-Site Scripting Vulnerability,"Custom CSS support option in SAP CRM WebClient
UI does not sufficiently encode user-controlled inputs resulting in Cross-Site
Scripting vulnerability. On successful exploitation an attacker can cause
limited impact on confidentiality and integrity of the application.",SAP,SAP Crm Webclient Ui,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-07-09T04:01:21.084Z,0
CVE-2024-37173,https://securityvulnerability.io/vulnerability/CVE-2024-37173,SAP CRM WebClient UI Vulnerability Allows Unauthenticated Attacker to Execute Malicious Scripts,"Due to insufficient input validation, SAP
  CRM WebClient UI allows an unauthenticated attacker to craft a URL link which
  embeds a malicious script. When a victim clicks on this link, the script will
  be executed in the victim's browser giving the attacker the ability to access
  and/or modify information with no effect on availability of the application.",SAP,SAP Crm Webclient Ui,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-07-09T03:57:15.928Z,0
CVE-2024-34686,https://securityvulnerability.io/vulnerability/CVE-2024-34686,SAP CRM WebClient UI Vulnerability Allows Unauthorized Access to Victim's Browser,"Due to insufficient input validation, SAP CRM
WebClient UI allows an unauthenticated attacker to craft a URL link which
embeds a malicious script. When a victim clicks on this link, the script will
be executed in the victim's browser giving the attacker the ability to access
and/or modify information with no effect on availability of the application.",SAP,SAP Crm Webclient Ui,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-06-11T02:11:49.630Z,0
CVE-2024-24742,https://securityvulnerability.io/vulnerability/CVE-2024-24742,SAP CRM WebClient UI vulnerable to Cross-Site Scripting (XSS) attack,"SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integrity of the application data after successful exploitation. There is no impact on confidentiality and availability.

",SAP,SAP CRM (WebClient UI),4.1,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-02-13T02:42:56.483Z,0
CVE-2024-22130,https://securityvulnerability.io/vulnerability/CVE-2024-22130,SAP CRM WebClient UI vulnerable to Cross-Site Scripting,"Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the appliaction data after successful exploitation.

",SAP,SAP CRM WebClient UI,5.4,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-02-13T02:29:51.706Z,0
CVE-2023-30742,https://securityvulnerability.io/vulnerability/CVE-2023-30742,Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI),"SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker.

",SAP,SAP CRM (WebClient UI),6.1,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2023-29188,https://securityvulnerability.io/vulnerability/CVE-2023-29188,Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI,"SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.

",SAP,SAP CRM WebClient UI,5.4,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2023-05-09T01:15:00.000Z,0
CVE-2019-0245,https://securityvulnerability.io/vulnerability/CVE-2019-0245,,"SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,"SAP Crm Webclient Ui (SAPscore),SAP Crm Webclient Ui (s4fnd),SAP Crm Webclient Ui (webcuif)",5.4,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2019-01-08T20:00:00.000Z,0
CVE-2019-0244,https://securityvulnerability.io/vulnerability/CVE-2019-0244,,"SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,"SAP Crm Webclient Ui (SAPscore),SAP Crm Webclient Ui (s4fnd),SAP Crm Webclient Ui (webcuif)",5.4,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2019-01-08T20:00:00.000Z,0
CVE-2018-2364,https://securityvulnerability.io/vulnerability/CVE-2018-2364,,"SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,"SAP Crm Webclient Ui,S4fnd",6.1,MEDIUM,0.0010499999625608325,false,false,false,false,,false,false,2018-02-14T12:00:00.000Z,0