CVE-2019-0368

Published: Oct 8, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.

Vendor	Product	Versions
SAP SE	SAP Customer Relationship Management (Email Management - S4CRM)	affected `< 1.0` affected `< 2.0`
SAP SE	SAP Customer Relationship Management (Email Management - BBPCRM)	affected `< 7.0` affected `< 7.01` affected `< 7.02` affected `< 7.12` affected `< 7.13` +1 more versions

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050

x_refsource_CONFIRM

https://launchpad.support.sap.com/#/notes/2751806

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-0368

Description

Affected Products

References