PT-2023-21404 · Sap · Sap Crm

Published: 2023-04-11 · Updated: 2023-04-14 · CVE-2023-27897

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

SAP CRM versions 700 through 713

Description

The issue allows an authenticated attacker with a non-administrative role and common remote execution authorization to use a vulnerable interface and execute an application function, performing actions they would not normally be permitted to do. Depending on the function executed, this can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.

Recommendations

For SAP CRM versions 700 through 713, consider restricting access to the vulnerable interface until a patch is available. As a temporary workaround, limit the execution of application functions to only those necessary for operational tasks, and monitor for any unauthorized access or changes.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2023-27897

Affected Products

Sap Crm