A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.
Max CVSS
7.2
EPSS Score
0.10%
Published
2021-07-14
Updated
2021-07-16
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-10-16
Updated
2018-12-10
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.
Max CVSS
7.5
EPSS Score
0.13%
Published
2015-05-12
Updated
2017-01-03
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.
Max CVSS
7.5
EPSS Score
0.72%
Published
2015-05-12
Updated
2017-01-03
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
2.03%
Published
2014-11-06
Updated
2014-11-07
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
Max CVSS
10.0
EPSS Score
0.37%
Published
2013-12-13
Updated
2018-12-10
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!