SAP CRM WebClient does not
perform necessary authorization check for an authenticated user, resulting in
escalation of privileges. This could allow an attacker to access some sensitive
information.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00219.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Sap
  • Customer Relationship Management S4fnd
  • Customer Relationship Management Webclient Ui

Configuration 1 [-]

OR cpe:2.3:a:sap:customer_relationship_management_s4fnd:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:108:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:746:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:747:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:748:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:800:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:801:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-36481 SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://me.sap.com/notes/3467377 cve-icon cve-icon cve-icon
https://url.sap/sapsecuritypatchday cve-icon cve-icon cve-icon
History

Mon, 09 Sep 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Sap
Sap customer Relationship Management S4fnd
Sap customer Relationship Management Webclient Ui
CPEs cpe:2.3:a:sap:customer_relationship_management_s4fnd:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_s4fnd:108:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:746:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:747:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:748:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:800:*:*:*:*:*:*:*
cpe:2.3:a:sap:customer_relationship_management_webclient_ui:801:*:*:*:*:*:*:*
Vendors & Products Sap
Sap customer Relationship Management S4fnd
Sap customer Relationship Management Webclient Ui
cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2024-08-02T03:50:55.138Z

Reserved: 2024-06-04T07:49:42.491Z

Link: CVE-2024-37175

cve-icon Vulnrichment

Updated: 2024-08-02T03:50:55.138Z

cve-icon NVD

Status : Modified

Published: 2024-07-09T05:15:11.823

Modified: 2024-11-21T09:23:21.793

Link: CVE-2024-37175

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.