) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:sap:customer_relationship_management:7.02:ehp2:*:*:*:*:*:*
- CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-2380 |
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. Published: March 01, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 6.5 MEDIUM |
| CVE-2014-1962 |
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. Published: February 14, 2014; 10:55:07 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2013-7095 |
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. Published: December 13, 2013; 3:08:40 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |