CVE-2021-33676
https://notcve.org/view.php?id=CVE-2021-33676
A missing authority check in SAP CRM, versions 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.
References: https://launchpad.support.sap.com/#/notes/3066316 • https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
CWE-862: Missing Authorization
CVE-2017-15294
https://notcve.org/view.php?id=CVE-2017-15294
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
References: http://www.securityfocus.com/bid/99532 • https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017 • https://erpscan.io/advisories/erpscan-17-035-xss-crm-administration-console-java
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-15296
https://notcve.org/view.php?id=CVE-2017-15296
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
References: https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017 • https://erpscan.io/advisories/erpscan-17-036-csrf-sap-java-crm
CWE-352: Cross-Site Request Forgery (CSRF)