PT-2024-3898 · SAP · SAP CRM WebClient UI

Published: 2024-02-12 · Updated: 2024-10-16 · CVE-2024-24742

CVSS v3.1: 4.1 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions S4FND 102 through S4FND 106; SAP CRM WebClient UI versions WEBCUIF 701 through WEBCUIF 801.

Description: The SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue. An attacker with low privileges can cause limited impact to the integrity of the application data after successful exploitation. There is no impact on confidentiality or availability. The vulnerability exists because the structure of the web page is not protected from user-supplied markup, allowing a remote attacker to conduct an XSS attack.

Recommendations: For SAP CRM WebClient UI versions S4FND 102 through S4FND 106, update to a version that includes the fix for this issue. For SAP CRM WebClient UI versions WEBCUIF 701 through WEBCUIF 801, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable UI components until a patch is available.

Tags: Fix · XSS

Weakness Enumeration

Related Identifiers: BDU:2024-04305, CVE-2024-24742

Affected Products: SAP CRM WebClient UI