PT-2023-2940 · SAP · SAP CRM WebClient UI

Published: 2023-05-09 · Updated: 2023-05-12 · CVE-2023-29188

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions SAPSCORE 129, S4FND 102 through S4FND 107, WEBCUIF 701 through WEBCUIF 801

Description: The SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue. After successful exploitation, an attacker with user-level access can read and modify some sensitive information but cannot delete it. The vulnerability exists because the structure of the web page is not adequately protected from user-controlled input, allowing a remote attacker to conduct an XSS attack.

Recommendations: For SAP CRM WebClient UI versions SAPSCORE 129, S4FND 102 through S4FND 107, and WEBCUIF 701 through WEBCUIF 801, implement proper output encoding of user-controlled input to prevent XSS attacks. As a temporary workaround, restrict access to sensitive information and monitor user activity to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
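The advisory's core point is insufficient encoding of user-controlled input before it is placed into the page. The following Python snippet is an added illustration, not code from SAP or from this advisory, of what "proper encoding" means in practice: the same constructed user value rendered unencoded (the vulnerable pattern), encoded for element content, and encoded for an attribute value, plus a small check that verifies the encoded value no longer contains any live HTML metacharacters. The template strings and the sample input are constructed for the example.

```python
import html
import re

# Constructed sample of user-controlled input; it is not taken from the advisory.
SAMPLE_INPUT = 'Alice <b>"admin"</b> & co'

# Entities that html.escape(value, quote=True) emits for & < > " '
_ENTITY = re.compile(r"&(?:amp|lt|gt|quot|#x27);")


def render_unencoded(name: str) -> str:
    """Vulnerable pattern: user input is interpolated into HTML as-is,
    so any markup in the value becomes part of the page structure."""
    return f'<span class="user">{name}</span>'


def render_encoded(name: str) -> str:
    """Hardened pattern for element content: encode & < > " ' before
    interpolating, so the value is displayed as text rather than parsed."""
    return f'<span class="user">{html.escape(name, quote=True)}</span>'


def render_attribute_encoded(name: str) -> str:
    """Hardened pattern for an attribute value: the attribute is quoted and
    the value is encoded, so an embedded quote cannot close the attribute."""
    return f'<input type="text" value="{html.escape(name, quote=True)}">'


def encoded_value_is_inert(value: str) -> bool:
    """Return True if the value contains no HTML metacharacters other than
    well-formed entities, i.e. it cannot alter the surrounding page structure."""
    stripped = _ENTITY.sub("", value)
    return re.search(r"[<>\"'&]", stripped) is None


if __name__ == "__main__":
    print("unencoded :", render_unencoded(SAMPLE_INPUT))
    print("encoded   :", render_encoded(SAMPLE_INPUT))
    print("attribute :", render_attribute_encoded(SAMPLE_INPUT))
    print("raw inert?     ", encoded_value_is_inert(SAMPLE_INPUT))
    print("encoded inert? ", encoded_value_is_inert(html.escape(SAMPLE_INPUT, quote=True)))
```

The encoding must match the context the value lands in: `html.escape` with `quote=True` is appropriate for element text and for quoted attribute values, but a value placed inside a script block, a URL, or a CSS property needs that context's own encoder, and an unquoted attribute is not made safe by entity encoding alone.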

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-02942
CVE-2023-29188

Affected Products

SAP CRM WebClient UI