CVE-2023-29189
Published: 11 April 2023
Summary
CVE-2023-29189 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in SAP Customer Relationship Management WebClient UI. Its CVSS base score is 5.4 (Medium).
Operationally, it is ranked at the 47.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-32790
Vulnerability details
SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.