sap customer_relationship_management CVE Vulnerabilities (10)

CVEs: 10 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting sap customer_relationship_management (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 110 of 10 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-27897 In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability. [email protected] 6.0 0.65% 2023-04-10 2026-06-17
CVE-2021-33676 A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system. [email protected] 7.2 0.91% 2021-07-14 2026-06-16
CVE-2018-2380 KEV SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. [email protected] 6.6 28.89% 2018-03-01 2026-06-16
CVE-2017-15296 The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. [email protected] 8.8 0.55% 2017-10-16 2026-06-16
CVE-2017-15294 The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964. [email protected] 6.1 0.98% 2017-10-16 2026-06-16
CVE-2015-3980 SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. [email protected] 7.5 1.44% 2015-05-12 2026-06-16
CVE-2015-3979 Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. [email protected] 7.5 2.45% 2015-05-12 2026-06-16
CVE-2014-8669 The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. [email protected] 10.0 5.48% 2014-11-06 2026-06-16
CVE-2014-1962 Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. [email protected] 5.0 1.47% 2014-02-14 2026-06-16
CVE-2013-7095 The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. [email protected] 10.0 2.06% 2013-12-13 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence