CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-27897 – Code Injection vulnerability in SAP CRM
https://notcve.org/view.php?id=CVE-2023-27897
11 Apr 2023 — In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability. • https://launchpad.support.sap.com/#/notes/3309056 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-33676
https://notcve.org/view.php?id=CVE-2021-33676
14 Jul 2021 — A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. Una falta de comprobación de autoridad en SAP CRM, versiones - 700, 701, 702, 712, 713, 714, podría ser aprovechada por un atacante con altos privilegios para comprometer la confidencialidad, integridad o disponibilidad del sistema • https://launchpad.support.sap.com/#/notes/3066316 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-15294
https://notcve.org/view.php?id=CVE-2017-15294
16 Oct 2017 — The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964. La consola de administración Java en SAP CRM tiene XSS. Esto corresponde con SAP Security Note 2478964. • http://www.securityfocus.com/bid/99532 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-15296
https://notcve.org/view.php?id=CVE-2017-15296
16 Oct 2017 — The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. El componente Java en SAP CRM tiene CSRF. Esto corresponde con SAP Security Note 2478964. • https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017 • CWE-352: Cross-Site Request Forgery (CSRF) •