SAP » Customer Relationship Management : Security Vulnerabilities, CVEs, CVSS score >= 7
A missing authority check in SAP CRM versions 700, 701, 702, 712, 713, and 714 could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.
Max CVSS: 7.2 | EPSS Score: 0.10% | Published: 2021-07-14 | Updated: 2021-07-16
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
Max CVSS: 8.8 | EPSS Score: 0.07% | Published: 2017-10-16 | Updated: 2018-12-10
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.
Max CVSS: 7.5 | EPSS Score: 0.13% | Published: 2015-05-12 | Updated: 2017-01-03
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.
Max CVSS: 7.5 | EPSS Score: 0.72% | Published: 2015-05-12 | Updated: 2017-01-03
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS: 10.0 | EPSS Score: 2.03% | Published: 2014-11-06 | Updated: 2014-11-07
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
Max CVSS: 10.0 | EPSS Score: 0.37% | Published: 2013-12-13 | Updated: 2018-12-10
6 vulnerabilities found