Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3838 articles · 175945 vulns · 37/41 feeds (7d)
← Back to list
4.1
CVE-2026-44768EXPLOITED
sap · sap crm (webclient ui)

Security misconfiguration in SAP CRM (WebClient UI)

Description

A vulnerability was found in SAP CRM WebClient UI 105/106/S4FND 104 and classified as problematic. This issue affects some unknown processing. The manipulation results in permissive cross-domain policy with untrusted domains.

Affected Products

VendorProductVersions
sapsap crm (webclient ui)S4FND 104, 105, 106

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
sapsap softwarecert_advisory90%

References

  • https://me.sap.com/notes/3155685
  • https://url.sap/sapsecuritypatchday

Related News (2 articles)

Tier B
BSI Advisories11h ago
[NEU] [hoch] SAP Patch Day Juli 2026
→ No new info (linked only)
Tier C
VulDB20h ago
CVE-2026-44768 | SAP CRM WebClient UI 105/106/S4FND 104 cross-domain policy
→ No new info (linked only)
CVSS 3.14.1 MEDIUM
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-15
PublishedJul 14, 2026
Last enriched19h agov2
Trending Score51
Source articles2
Independent2
Info Completeness8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-44747EXP
Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP
Trending: 75
CRITICALCVE-2026-44761EXP
Insecure Sample Credentials in SAP Commerce Cloud
Trending: 61
CRITICALCVE-2026-44745EXP
Open Redirect vulnerability in SAP Approuter
Trending: 61
HIGHCVE-2026-44752EXP
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)
Trending: 59
CRITICALCVE-2026-40128
Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)
Trending: 59

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Actively Exploited
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, activelyExploited
Jul 14, 2026

Version History

v2
Last enriched 19h ago
v2Tier C19h ago

Updated description with new details about the cross-domain policy issue and marked the vulnerability as actively exploited.

descriptionactivelyExploited
via VulDB
v120h ago

Initial creation