Back to overview

CVE-2026-44768

MEDIUM
4.1
CVSS 3.1
Description
SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy (CSP) configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application. Confidentiality and availability are not impacted.

Metadata

CVE ID
CVE-2026-44768
State
PUBLISHED
Assigner
sap
Reserved
2026-05-07 18:39 UTC
Published
2026-07-14 00:20 UTC
Last updated
2026-07-14 00:20 UTC
Primary CWE
CWE-15
CWE-15: External Control of System or Configuration Setting
Vendor / Product
SAP_SE / SAP CRM (WebClient UI)
Sources
cve.org  ·  NVD

Severity & Metrics

4.1 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Affected products (1)
VendorProductPlatformVersions
SAP_SE SAP CRM (WebClient UI) S4FND 104, 105, 106
Weakness (CWE)
CWESourceDescription
CWE-15 cna CWE-15: External Control of System or Configuration Setting
CVSS scores (1)
ScoreSeverityVersionSourceVector
4.1 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Back to overview