CVE-2023-29189
Published on: Not Yet Published
Last Modified on: 04/18/2023 07:12:00 PM UTC
Certain versions of Customer Relationship Management S4fnd from Sap contain the following vulnerability:
SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields
- CVE-2023-29189 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.4 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | LOW | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | LOW | LOW | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| No Description Provided | Permissions Required launchpad.support.sap.com text/html |
MISC launchpad.support.sap.com/#/notes/3269352 |
| SAP Patch Day Blog | Vendor Advisory web.archive.org text/html Inactive LinkNot Archived |
MISC www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Customer Relationship Management S4fnd | 102 | All | All | All |
| Application | Sap | Customer Relationship Management S4fnd | 103 | All | All | All |
| Application | Sap | Customer Relationship Management S4fnd | 104 | All | All | All |
| Application | Sap | Customer Relationship Management S4fnd | 105 | All | All | All |
| Application | Sap | Customer Relationship Management Webclient Ui | 700 | All | All | All |
| Application | Sap | Customer Relationship Management Webclient Ui | 701 | All | All | All |
| Application | Sap | Customer Relationship Management Webclient Ui | 730 | All | All | All |
| Application | Sap | Customer Relationship Management Webclient Ui | 731 | All | All | All |
| Application | Sap | Customer Relationship Management Webclient Ui | 746 | All | All | All |
| Application | Sap | Customer Relationship Management Webclient Ui | 747 | All | All | All |
| Application | Sap | Customer Relationship Management Webclient Ui | 748 | All | All | All |
| Application | Sap | Customer Relationship Management Webclient Ui | 800 | All | All | All |
| Application | Sap | Customer Relationship Management Webclient Ui | 801 | All | All | All |
- cpe:2.3:a:sap:customer_relationship_management_s4fnd:102:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_s4fnd:103:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_s4fnd:104:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_s4fnd:105:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:700:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:701:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:730:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:731:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:746:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:747:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:748:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:800:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:customer_relationship_management_webclient_ui:801:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @CVEreport |
CVE-2023-29189 : #SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730… twitter.com/i/web/status/1… | 2023-04-11 04:09:04 |