CVE-2024-37174
moderate-risk
Published 2024-07-09
Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs resulting in Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.
Do I need to act?
-
0.59% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10
Medium
NETWORK
/ LOW complexity
Affected Products (14)
Customer Relationship Management S4Fnd
Customer Relationship Management S4Fnd
Customer Relationship Management S4Fnd
Customer Relationship Management S4Fnd
Customer Relationship Management S4Fnd
Customer Relationship Management S4Fnd
Customer Relationship Management S4Fnd
Customer Relationship Management Webclient Ui
Customer Relationship Management Webclient Ui
Customer Relationship Management Webclient Ui
Customer Relationship Management Webclient Ui
Customer Relationship Management Webclient Ui
Customer Relationship Management Webclient Ui
Customer Relationship Management Webclient Ui
Affected Vendors
References (4)
Permissions Required
https://me.sap.com/notes/3467377
Vendor Advisory
https://url.sap/sapsecuritypatchday
Permissions Required
https://me.sap.com/notes/3467377
Vendor Advisory
https://url.sap/sapsecuritypatchday
43
/ 100
moderate-risk
Severity
23/34 · High
Exploitability
2/34 · Minimal
Exposure
18/34 · Moderate