CVE-2019-0244

MEDIUM

SAP CRM WebClient UI - Cross-Site Scripting via User-Controlled Input

Title source: llm

Description

SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

References (3)

Core 3

Core References

Permissions Required, Vendor Advisory x_refsource_misc

https://launchpad.support.sap.com/#/notes/2588763

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106473

Vendor Advisory x_refsource_misc

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985

Scores

CVSS v3 5.4

EPSS 0.0030

EPSS Percentile 53.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (8)

sap/customer_relationship_management_webclient_ui 7.31

sap/customer_relationship_management_webclient_ui 7.46

sap/customer_relationship_management_webclient_ui 7.47

sap/customer_relationship_management_webclient_ui 7.48

sap/customer_relationship_management_webclient_ui 8.00

sap/customer_relationship_management_webclient_ui 8.01

sap/s4fnd 1.02

sap/sapscore 1.12

Published Jan 08, 2019

Tracked Since Feb 18, 2026