CVE-2024-37173
CVSS V2 None
CVSS V3 None
Description
Due to insufficient input validation, SAP
CRM WebClient UI allows an unauthenticated attacker to craft a URL link which
embeds a malicious script. When a victim clicks on this link, the script will
be executed in the victim's browser giving the attacker the ability to access
and/or modify information with no effect on availability of the application.
Overview
- CVE ID
- CVE-2024-37173
- Assigner
- sap
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-09T03:57:15.928Z
- Last Modified Date
- 2024-07-09T03:57:15.928Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://url.sap/sapsecuritypatchday | |
https://me.sap.com/notes/3467377 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-37173 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37173 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-07-09 13:06:40 | Added to TrackCVE |