CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-29189 – HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)
https://notcve.org/view.php?id=CVE-2023-29189
11 Apr 2023 — SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields • https://launchpad.support.sap.com/#/notes/3269352 • CWE-23: Relative Path Traversal •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-15294
https://notcve.org/view.php?id=CVE-2017-15294
16 Oct 2017 — The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964. La consola de administración Java en SAP CRM tiene XSS. Esto corresponde con SAP Security Note 2478964. • http://www.securityfocus.com/bid/99532 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-15296
https://notcve.org/view.php?id=CVE-2017-15296
16 Oct 2017 — The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. El componente Java en SAP CRM tiene CSRF. Esto corresponde con SAP Security Note 2478964. • https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017 • CWE-352: Cross-Site Request Forgery (CSRF) •