Home
MEDIUM: 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:NDefault status
unaffected
S4FND 104
affected
105
affected
106
affected
Description
SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy (CSP) configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application. Confidentiality and availability are not impacted.
Problem types
CWE-15: External Control of System or Configuration Setting
Product status
S4FND 104
105
106