PT-2019-11209 · Sap · Sap Crm Webclient Ui

Published

2019-01-08

Updated

2019-01-17

CVE-2019-0245

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions prior to 7.31, 7.46, 7.47, 7.48, 8.0, 8.01

Description: The issue is related to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue.

Recommendations: For SAP CRM WebClient UI versions prior to 7.31, update to version 7.31 or later. For SAP CRM WebClient UI versions 7.31, 7.46, 7.47, 7.48, update to version 8.0 or later, or apply the fix included in SAPSCORE 1.12, S4FND 1.02, or WEBCUIF 8.01.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-0245

Affected Products

Sap Crm Webclient Ui

PT-2019-11209 · Sap · Sap Crm Webclient Ui

CVE-2019-0245

Weakness Enumeration

Related Identifiers

Affected Products

References · 5