CVE-2018-2364

Published: Feb 14, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.

Vendor	Product	Versions
SAP SE	SAP CRM WebClient UI	affected `7.01` affected `7.31` affected `7.46` affected `7.47` affected `7.48` +2 more versions
SAP SE	S4FND	affected `1.02`

References

103002

vdb-entry

x_refsource_BID

https://launchpad.support.sap.com/#/notes/2541700

x_refsource_CONFIRM

https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-2364

Description

Affected Products

References