CVE-2024-37175
📋 TL;DR
CVE-2024-37175 is a missing authorization check in SAP CRM WebClient: the application does not perform the necessary authorization checks for an authenticated user, so a user with a valid but limited account can escalate privileges and read sensitive information outside the scope of their role. SAP rates it Medium (CVSS 4.3: network-reachable, low privileges required, no user interaction, confidentiality impact only). It affects organizations running SAP CRM WebClient at a support package level below the one fixed by SAP Note 3467377.
💻 Affected Systems
- SAP CRM WebClient (software components S4FND and WEBCUIF; see SAP Note 3467377 for the affected support package levels)
📦 What is this software?
Customer Relationship Management S4fnd by Sap
Customer Relationship Management Webclient Ui by Sap
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker uses the missing check to read CRM records beyond their role: customer master data, opportunities, financial details or other business-critical records. The flaw grants read access only, so the direct harm is disclosure; the follow-on cost (breach notification, regulatory findings, misuse of the leaked data) depends on what the instance holds.
Likely Case
An authenticated user with limited permissions reads moderately sensitive CRM data beyond their authorized scope, for example customer or account information that their role was never meant to expose.
If Mitigated
With the patch still outstanding but roles trimmed to least privilege, the WebClient exposed only to the users and networks that need it, and access logging in place, the exposure is limited to authenticated users reading somewhat more data than their role intends, and that activity is visible in the logs.
🎯 Exploit Status
Exploitation requires a valid SAP CRM user account (any role that can reach the WebClient); once authenticated, little technical skill is needed because the application itself omits the authorization check.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply SAP Security Note 3467377
Vendor Advisory: https://me.sap.com/notes/3467377
Restart Required: Yes
Instructions:
1. Download SAP Note 3467377 from the SAP Support Portal, or load it directly in transaction SNOTE.
2. Apply the correction following your standard SAP patching and transport procedures (implement in development, test, then transport to production), or raise the affected components to the support package level the note names.
3. Restart affected SAP CRM WebClient services.
4. Verify the patch is applied correctly (see How to Verify).
🔧 Temporary Workarounds
Implement Strict Authorization Controls
Enforce additional authorization checks at the application layer and apply the principle of least privilege: review CRM roles in transaction PFCG and remove read access to sensitive business objects from users who do not need it, so that the missing check in the WebClient exposes as little as possible.
Network Segmentation
Restrict access to the SAP CRM WebClient to only the users and systems that need it, so that fewer authenticated accounts can reach the vulnerable code at all.
🧯 If You Can't Patch
- Implement strict role-based access controls and regularly audit user permissions (transaction SUIM reports which users hold which authorizations)
- Monitor access logs for unusual patterns of data access by authenticated users, in particular authorization failures followed by successful reads of sensitive records
🔍 How to Verify
Check if Vulnerable:
In transaction SNOTE, look up SAP Note 3467377: if its implementation status is not "Completely implemented" and the affected components are below the support package level the note names, the system is vulnerable.
Check Version:
In SAP GUI, System → Status → Component information (or transaction SPAM/SAINT) shows the installed software components and their support package levels; compare the SAP_CRM / S4FND and WEBCUIF levels against the note. Transaction SM51 lists application servers and the kernel release, not the component level.
Verify Fix Applied:
Confirm in SNOTE that SAP Note 3467377 is completely implemented, then test the authorization controls with a low-privileged CRM user: data that was reachable before the fix must now be denied.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to sensitive CRM data by authenticated users
- Multiple authorization failure attempts followed by successful access
Network Indicators:
- Unusual data retrieval patterns from CRM WebClient interfaces
SIEM Query (template; map the field names to your own log source, e.g. the SAP Security Audit Log read via SM20 / RSAU_READ_LOG and forwarded to the SIEM):
source="sap_crm" AND (event_type="authorization_failure" OR data_access="sensitive") AND NOT user IN ("<users whose role grants that data>")
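The two log indicators above (repeated authorization failures followed by a successful read, and reads of data outside a user's role) can be hunted offline once the CRM access log is exported. The script below is an added example and is not SAP code or part of this advisory; its log line format, the user names, the object names and the entitlement table are all constructed for illustration, and the field names must be mapped onto whatever your Security Audit Log or CRM access log export actually contains.

```python
"""Hunt for the CVE-2024-37175 log indicators over an exported access log.

Added example, not SAP code. The log format, users, objects and the
entitlement table are constructed for illustration; map them onto your own
CRM / Security Audit Log export (e.g. SM20 / RSAU_READ_LOG) before use.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time>|<user>|<event>|<object>|<result>"
SAMPLE_LOG = """\
2024-06-11T09:00:01|JDOE|AUTH_CHECK|CRM_ACCOUNT_PRIVATE|FAIL
2024-06-11T09:00:07|JDOE|AUTH_CHECK|CRM_ACCOUNT_PRIVATE|FAIL
2024-06-11T09:00:15|JDOE|AUTH_CHECK|CRM_OPPORTUNITY|FAIL
2024-06-11T09:03:40|JDOE|DATA_ACCESS|CRM_ACCOUNT_PRIVATE|OK
2024-06-11T09:10:00|ASMITH|DATA_ACCESS|CRM_ACCOUNT_PRIVATE|OK
2024-06-11T10:00:00|BLEE|AUTH_CHECK|CRM_CAMPAIGN|FAIL
2024-06-11T13:00:00|BLEE|DATA_ACCESS|CRM_CAMPAIGN|OK
"""

# Constructed role table: objects each user's role is meant to let them read.
ENTITLEMENTS = {
    "JDOE": {"CRM_CAMPAIGN"},
    "ASMITH": {"CRM_ACCOUNT_PRIVATE", "CRM_OPPORTUNITY"},
    "BLEE": {"CRM_CAMPAIGN"},
}
# Constructed list of objects considered sensitive for this hunt.
SENSITIVE = {"CRM_ACCOUNT_PRIVATE", "CRM_OPPORTUNITY"}


def parse_log(text):
    """Parse the pipe-separated constructed format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, obj, result = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "event": event, "object": obj, "result": result})
    return events


def fail_then_access(events, min_failures=2, window=timedelta(minutes=15)):
    """Indicator 1: a successful read of a sensitive object preceded by at
    least min_failures authorization failures from the same user within
    window. Returns (user, iso_timestamp, object) per hit."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)
    hits = []
    for user, evs in by_user.items():
        for i, e in enumerate(evs):
            if (e["event"] != "DATA_ACCESS" or e["result"] != "OK"
                    or e["object"] not in SENSITIVE):
                continue
            fails = [p for p in evs[:i]
                     if p["event"] == "AUTH_CHECK" and p["result"] == "FAIL"
                     and e["ts"] - p["ts"] <= window]
            if len(fails) >= min_failures:
                hits.append((user, e["ts"].isoformat(), e["object"]))
    return hits


def out_of_scope_access(events, entitlements):
    """Indicator 2: successful reads of objects the user's role does not
    grant, which is exactly what a missing authorization check permits."""
    return [(e["user"], e["object"]) for e in events
            if e["event"] == "DATA_ACCESS" and e["result"] == "OK"
            and e["object"] not in entitlements.get(e["user"], set())]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for h in fail_then_access(evs):
        print("fail-then-access:", h)
    for h in out_of_scope_access(evs, ENTITLEMENTS):
        print("out-of-scope read:", h)
```

On the constructed sample, both detections single out JDOE: three failed checks in the quarter hour before a successful read of CRM_ACCOUNT_PRIVATE, and that object is not in JDOE's role. BLEE's single failure followed hours later by a permitted read of a non-sensitive object is not flagged, which is the point of the window and the sensitivity list: tune both to your own volume of routine authorization failures before alerting on the result.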