CVE-2024-37175

medium

Description

SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3467377

Details

Source: Mitre, NVD

Published: 2024-07-09

Updated: 2024-09-09

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium