Description
SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF 700, 701, 731, 730, 746, 747, 748, 800, 801 - allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network, and successful exploitation can lead to exposure of form fields.
References (2)
Core References
Permissions Required
https://launchpad.support.sap.com/#/notes/3269352
Scores
CVSS v3: 5.4
EPSS: 0.0024
EPSS Percentile: 47.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-23
Status: published
Products (13)
sap/customer_relationship_management_s4fnd 102
sap/customer_relationship_management_s4fnd 103
sap/customer_relationship_management_s4fnd 104
sap/customer_relationship_management_s4fnd 105
sap/customer_relationship_management_webclient_ui 700
sap/customer_relationship_management_webclient_ui 701
sap/customer_relationship_management_webclient_ui 730
sap/customer_relationship_management_webclient_ui 731
sap/customer_relationship_management_webclient_ui 746
sap/customer_relationship_management_webclient_ui 747
... and 3 more
Published: Apr 11, 2023
Tracked Since: Feb 18, 2026