cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-37175,https://securityvulnerability.io/vulnerability/CVE-2024-37175,SAP CRM WebClient Authentication Vulnerability Allows Escalation of Privileges,"SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.",SAP,SAP Crm Webclient Ui,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-07-09T04:07:21.612Z,0 CVE-2024-39598,https://securityvulnerability.io/vulnerability/CVE-2024-39598,SAP CRM Vulnerability: Authenticated Attacker can Enumerate Accessible HTTP Endpoints,"The SAP CRM WebClient UI Framework is susceptible to a vulnerability that allows authenticated attackers to craft specific HTTP requests. By exploiting this flaw, attackers can enumerate the HTTP endpoints available within the internal network. Although this vulnerability does not affect the integrity or availability of the application, it poses a significant risk of information disclosure. Organizations utilizing this product should prioritize mitigating this vulnerability to protect sensitive information from unauthorized access.",SAP,SAP Crm Webclient Ui,7.7,HIGH,0.0004900000058114529,false,false,false,false,,false,false,2024-07-09T04:04:41.283Z,0 CVE-2024-37174,https://securityvulnerability.io/vulnerability/CVE-2024-37174,SAP CRM WebClient Cross-Site Scripting Vulnerability,"Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.",SAP,SAP Crm Webclient Ui,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-07-09T04:01:21.084Z,0 CVE-2024-37173,https://securityvulnerability.io/vulnerability/CVE-2024-37173,SAP CRM WebClient UI Vulnerability Allows Unauthenticated Attacker to Execute Malicious Scripts,"Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.",SAP,SAP Crm Webclient Ui,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-07-09T03:57:15.928Z,0 CVE-2024-34686,https://securityvulnerability.io/vulnerability/CVE-2024-34686,SAP CRM WebClient UI Vulnerability Allows Unauthorized Access to Victim's Browser,"Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.",SAP,SAP Crm Webclient Ui,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-06-11T02:11:49.630Z,0 CVE-2024-24742,https://securityvulnerability.io/vulnerability/CVE-2024-24742,SAP CRM WebClient UI vulnerable to Cross-Site Scripting (XSS) attack,"SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integrity of the application data after successful exploitation. There is no impact on confidentiality and availability. ",SAP,SAP CRM (WebClient UI),4.1,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-02-13T02:42:56.483Z,0 CVE-2024-22130,https://securityvulnerability.io/vulnerability/CVE-2024-22130,SAP CRM WebClient UI vulnerable to Cross-Site Scripting,"Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the appliaction data after successful exploitation. ",SAP,SAP CRM WebClient UI,5.4,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2024-02-13T02:29:51.706Z,0 CVE-2023-30742,https://securityvulnerability.io/vulnerability/CVE-2023-30742,Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI),"SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker. ",SAP,SAP CRM (WebClient UI),6.1,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0 CVE-2023-29188,https://securityvulnerability.io/vulnerability/CVE-2023-29188,Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI,"SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data. ",SAP,SAP CRM WebClient UI,5.4,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2023-05-09T01:15:00.000Z,0 CVE-2023-23856,https://securityvulnerability.io/vulnerability/CVE-2023-23856,,"In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low impact on integrity of the application. ",SAP,SAP BusinessObjects Business Intelligence (Web Intelligence UI),5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2023-02-14T04:15:00.000Z,0 CVE-2022-27656,https://securityvulnerability.io/vulnerability/CVE-2022-27656,,"The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,"SAP Netweaver As For Abap And Java (icm Administration Ui),SAP Web Dispatcher (web Administration Ui)",6.1,MEDIUM,0.0007900000200606883,false,false,false,false,,false,false,2022-05-11T14:53:55.000Z,0 CVE-2020-6273,https://securityvulnerability.io/vulnerability/CVE-2020-6273,,"SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.",SAP,SAP S/4 Hana (fiori Ui For General Ledger Accounting),4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-08-12T13:19:40.000Z,0 CVE-2020-6240,https://securityvulnerability.io/vulnerability/CVE-2020-6240,,"SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service",SAP,"SAP Netweaver As Abap (web Dynpro Abap) (SAP Ui),SAP Netweaver As Abap (web Dynpro Abap) (SAP Basis)",5.3,MEDIUM,0.0012400000123307109,false,false,false,false,,false,false,2020-05-12T17:46:58.000Z,0 CVE-2019-0388,https://securityvulnerability.io/vulnerability/CVE-2019-0388,,"SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.",SAP,"SAP Ui,SAP Ui 700",5.3,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2019-11-13T22:17:37.000Z,0 CVE-2019-0244,https://securityvulnerability.io/vulnerability/CVE-2019-0244,,"SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,"SAP Crm Webclient Ui (SAPscore),SAP Crm Webclient Ui (s4fnd),SAP Crm Webclient Ui (webcuif)",5.4,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2019-01-08T20:00:00.000Z,0 CVE-2019-0245,https://securityvulnerability.io/vulnerability/CVE-2019-0245,,"SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,"SAP Crm Webclient Ui (SAPscore),SAP Crm Webclient Ui (s4fnd),SAP Crm Webclient Ui (webcuif)",5.4,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2019-01-08T20:00:00.000Z,0 CVE-2018-2434,https://securityvulnerability.io/vulnerability/CVE-2018-2434,,"A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks.",SAP,"SAP Netweaver (ui Infra),SAP Ui Implementation For Decoupled Innovations (ui 700),SAP Netweaver,SAP User Interface Technology (SAP Ui)",4.3,MEDIUM,0.0017399999778717756,false,false,false,false,,false,false,2018-07-10T18:00:00.000Z,0 CVE-2018-2428,https://securityvulnerability.io/vulnerability/CVE-2018-2428,,"Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.",SAP,"SAP Infrastructure,SAP Ui,SAP Ui For SAP Netweaver 7.00",5.3,MEDIUM,0.0013500000350177288,false,false,false,false,,false,false,2018-06-12T15:00:00.000Z,0 CVE-2018-2424,https://securityvulnerability.io/vulnerability/CVE-2018-2424,,"SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00",SAP,"SAP Hana Database,SAP Ui5,SAP Ui5(java),SAP Ui,SAP Ui For SAP Netweaver 7.00",9.8,CRITICAL,0.0021699999924749136,false,false,false,false,,false,false,2018-06-12T15:00:00.000Z,0 CVE-2018-2364,https://securityvulnerability.io/vulnerability/CVE-2018-2364,,"SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,"SAP Crm Webclient Ui,S4fnd",6.1,MEDIUM,0.0010499999625608325,false,false,false,false,,false,false,2018-02-14T12:00:00.000Z,0