CVE-2024-22130

Name: CVE-2024-22130
Creator: NVD / NIST
Published: 2024-02-13T03:15:08.163+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.4/10EPSS 0.32%

Last modified Jun 17, 2026

CVE-2024-22130 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the appliaction data after successful exploitation. . EPSS estimates a 0.32% chance of exploitation in the next 30 days.

Description

Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the appliaction data after successful exploitation.

Metrics

CVSS 3.1

5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

0.32%

24.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Sap	Crm - Webclient Ui	s4fnd_102
Sap	Crm - Webclient Ui	s4fnd_103
Sap	Crm - Webclient Ui	s4fnd_104
Sap	Crm - Webclient Ui	s4fnd_105
Sap	Crm - Webclient Ui	s4fnd_106
Sap	Crm - Webclient Ui	s4fnd_107
Sap	Crm - Webclient Ui	s4fnd_108
Sap	Crm - Webclient Ui	webcuif_700
Sap	Crm - Webclient Ui	webcuif_701
Sap	Crm - Webclient Ui	webcuif_730
Sap	Crm - Webclient Ui	webcuif_731
Sap	Crm - Webclient Ui	webcuif_746
Sap	Crm - Webclient Ui	webcuif_747
Sap	Crm - Webclient Ui	webcuif_748
Sap	Crm - Webclient Ui	webcuif_800
Sap	Crm - Webclient Ui	webcuif_801

References

https://me.sap.com/notes/3410875Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
https://me.sap.com/notes/3410875Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory

Timeline

Published: Feb 13, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-22130?

How severe is CVE-2024-22130?

CVE-2024-22130 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.32% probability of exploitation in the next 30 days.

How do I fix CVE-2024-22130?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-22130?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST