CVE-2023-29189

Name of the Vulnerable Software and Affected Versions SAP CRM (WebClient UI) versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801

Description The issue allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields.

Recommendations For SAP CRM (WebClient UI) versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, consider restricting access to the web server to minimize the risk of exploitation. As a temporary workaround, consider disabling the modification of HTTP verbs in requests to the web server until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.