Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-24742
Analyzed
More InfoOfficial Page
Source-cna@sap.com
View Known Exploited Vulnerability (KEV) details
Published At-13 Feb, 2024 | 03:15
Updated At-16 Oct, 2024 | 21:18

SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integrity of the application data after successful exploitation. There is no impact on confidentiality and availability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Secondary3.14.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
CPE Matches
SAP SE
sap
>>crm_-_webclient_ui>>s4fnd_102
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_102:*:*:*:*:*:*:*
SAP SE
sap
>>crm_-_webclient_ui>>s4fnd_103
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_103:*:*:*:*:*:*:*
SAP SE
sap
>>crm_-_webclient_ui>>s4fnd_104
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_104:*:*:*:*:*:*:*
SAP SE
sap
>>crm_-_webclient_ui>>s4fnd_105
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_105:*:*:*:*:*:*:*
SAP SE
sap
>>crm_-_webclient_ui>>s4fnd_106
cpe:2.3:a:sap:crm_-_webclient_ui:s4fnd_106:*:*:*:*:*:*:*
SAP SE
sap
>>crm_-_webclient_ui>>webcuif_701
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_701:*:*:*:*:*:*:*
SAP SE
sap
>>crm_-_webclient_ui>>webcuif_731
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_731:*:*:*:*:*:*:*
SAP SE
sap
>>crm_-_webclient_ui>>webcuif_746
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_746:*:*:*:*:*:*:*
SAP SE
sap
>>crm_-_webclient_ui>>webcuif_747
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_747:*:*:*:*:*:*:*
SAP SE
sap
>>crm_-_webclient_ui>>webcuif_748
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_748:*:*:*:*:*:*:*
SAP SE
sap
>>crm_-_webclient_ui>>webcuif_800
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_800:*:*:*:*:*:*:*
SAP SE
sap
>>crm_-_webclient_ui>>webcuif_801
cpe:2.3:a:sap:crm_-_webclient_ui:webcuif_801:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarycna@sap.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://me.sap.com/notes/3158455cna@sap.com
Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlcna@sap.com
Vendor Advisory
Change History
0Changes found
Details not found