SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap customer relationship management webclient ui 7.31 |
||
sap customer relationship management webclient ui 7.46 |
||
sap customer relationship management webclient ui 7.47 |
||
sap customer relationship management webclient ui 7.48 |
||
sap customer relationship management webclient ui 8.00 |
||
sap customer relationship management webclient ui 8.01 |
||
sap s4fnd 1.02 |
||
sap sapscore 1.12 |
11 patches ship on Patch Tuesday
While you were sighing your way through Microsoft's Patch Tuesday, enterprise vendor SAP slid 11 security advisories under your door. Top of the list is a depressingly familiar howler in SAP Cloud Connector pre-version 2.11.3: the software neglects authentication checks for functions that require user identity (CVE-2019-0246). A related bug in Cloud Connector (the same versions), CVE-2019-0247, can be exploited to achieve remote code injection. The German titan's systems management environment, ...