SAP CRM WebClient Auth Bypass Enables Priv Escalation
CVE-2024-37175 Published on July 9, 2024
[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
SAP CRM WebClient does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.
Vulnerability Analysis
CVE-2024-37175 can be exploited with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be a small impact on confidentiality, and a small impact on integrity and availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2024-37175 has been classified as an AuthZ (missing authorization) vulnerability or weakness.
Products Associated with CVE-2024-37175
Affected Versions
SAP_SE SAP CRM WebClient UI:
- Version S4FND 102 is affected.
- Version S4FND 103 is affected.
- Version S4FND 104 is affected.
- Version S4FND 105 is affected.
- Version S4FND 106 is affected.
- Version S4FND 107 is affected.
- Version S4FND 108 is affected.
- Version WEBCUIF 701 is affected.
- Version WEBCUIF 731 is affected.
- Version WEBCUIF 746 is affected.
- Version WEBCUIF 747 is affected.
- Version WEBCUIF 748 is affected.
- Version WEBCUIF 800 is affected.
- Version WEBCUIF 801 is affected.
The same affected versions expressed as ranges:
- Versions S4FND102 up to and including S4FND108 are affected.
- Version WEBCUIF701 is affected.
- Version WEBCUIF731 is affected.
- Versions WEBCUIF746 up to and including WEBCUIF748 are affected.
- Versions WEBCUIF800 up to and including WEBCUIF801 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.