CVE-2024-34686
CVSS V2 None
CVSS V3 None
Description
Due to insufficient input validation, SAP CRM
WebClient UI allows an unauthenticated attacker to craft a URL link which
embeds a malicious script. When a victim clicks on this link, the script will
be executed in the victim's browser giving the attacker the ability to access
and/or modify information with no effect on availability of the application.
Overview
- CVE ID
- CVE-2024-34686
- Assigner
- sap
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-11T02:11:49.630Z
- Last Modified Date
- 2024-06-11T13:41:52.606Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://me.sap.com/notes/3465129 | |
| https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-34686 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34686 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 14:30:20 | Added to TrackCVE |