Description
Customer Relationship Management does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
Some well-known impacts of an XSS vulnerability are:
- An attacker can impersonate the user and access all information with the same rights as the target user
- An attacker can inject scripts via an input parameter and extract system information as well as information stored on the server
Available fix and Supported packages
| Software component | From release | To release |
|---|---|---|
| S4CRM | 100 | 100 |
| S4CRM | 200 | 200 |
| BBPCRM | 700 | 700 |
| BBPCRM | 701 | 701 |
| BBPCRM | 702 | 702 |
| BBPCRM | 712 | 712 |
| BBPCRM | 713 | 713 |
| BBPCRM | 714 | 714 |

| Software component version | Support package |
|---|---|
| | SAPK-S4CLOUD_1905 |
| S4CRM 100 | SAPK-10004INS4CRM |
| S4CRM 200 | SAPK-20002INS4CRM |
| BBPCRM 714 | SAPK-71412INBBPCRM |
| BBPCRM 700 | SAPKU70022 |
| BBPCRM 701 | SAPKU70119 |
| BBPCRM 702 | SAPKU70224 |
| BBPCRM 712 | SAPKU71214 |
| BBPCRM 713 | SAPKU71319 |
Affected component
- CRM-BF-ML
Email Management
CVSS
Score: 5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2751806