CVE-2023-27897
MEDIUM
SAP CRM 700-713 - Authenticated Code Injection via Vulnerable Interface
Title source: llmDescription
In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.
References (2)
Core References
Permissions Required
https://launchpad.support.sap.com/#/notes/3309056
Scores
CVSS v3
6.0
EPSS
0.0132
EPSS Percentile
80.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-94
Status
published
Products (5)
sap/customer_relationship_management 700
sap/customer_relationship_management 701
sap/customer_relationship_management 702
sap/customer_relationship_management 712
sap/customer_relationship_management 713
Published
Apr 11, 2023
Tracked Since
Feb 18, 2026