Cyber Resilience

CVE-2023-29189

Medium

Published: 11 April 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
EPSS Score: 0.0024 (47.9th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-29189 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in SAP Customer Relationship Management WebClient UI. Its CVSS base score is 5.4 (Medium).

Operationally, it is ranked at the 47.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
sap | customer relationship management s4fnd | 102, 103, 104, 105
sap | customer relationship management webclient ui | 700, 701, 730, 731, 746

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References