CVE-2019-0368

Name of the Vulnerable Software and Affected Versions SAP Customer Relationship Management versions prior to 1.0 and 2.0 SAP Customer Relationship Management (Email Management) versions prior to 7.0, excluding 7.0, 7.01, 7.02, 7.12, 7.13, and 7.14

Description The issue is related to the lack of input data sanitization, which can allow a remote attacker to perform cross-site scripting attacks. This can be exploited by an attacker to execute malicious scripts on the victim's system.

Recommendations For SAP Customer Relationship Management versions prior to 1.0 and 2.0, update to a version that includes proper input sanitization to prevent cross-site scripting attacks. For SAP Customer Relationship Management (Email Management) versions prior to 7.0, excluding 7.0, 7.01, 7.02, 7.12, 7.13, and 7.14, consider restricting access to the mail client until a patch is available that properly encodes user-controlled inputs.