6.5
CVE-2024-37175
- EPSS 0.22%
- Veröffentlicht 09.07.2024 05:15:11
- Zuletzt bearbeitet 21.11.2024 09:23:21
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Customer Relationship Management S4fnd Version102
SAP ≫ Customer Relationship Management S4fnd Version103
SAP ≫ Customer Relationship Management S4fnd Version104
SAP ≫ Customer Relationship Management S4fnd Version105
SAP ≫ Customer Relationship Management S4fnd Version106
SAP ≫ Customer Relationship Management S4fnd Version107
SAP ≫ Customer Relationship Management S4fnd Version108
SAP ≫ Customer Relationship Management Webclient Ui Version701
SAP ≫ Customer Relationship Management Webclient Ui Version731
SAP ≫ Customer Relationship Management Webclient Ui Version746
SAP ≫ Customer Relationship Management Webclient Ui Version747
SAP ≫ Customer Relationship Management Webclient Ui Version748
SAP ≫ Customer Relationship Management Webclient Ui Version800
SAP ≫ Customer Relationship Management Webclient Ui Version801
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.444 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| cna@sap.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.