Customer relationship management
This hub aggregates every CVE we track for Customer relationship management, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
19
CVEs tracked
2
Critical
5
High
1
In CISA KEV
Severity distribution
MEDIUM10HIGH5LOW2CRITICAL2
Monthly trend
0
0
4
0
0
2
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Customer relationship management.
- CVE-2025-707807FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery4.3
- CVE-2024-5716107FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html4.3
- CVE-2024-5716007FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.4.3
- CVE-2024-990407FLYCMS/07FLY-CMS/07FlyCRM pictureUpload unrestricted upload4.7
- CVE-2024-990307FLYCMS/07FLY-CMS/07FlyCRM fileUpload unrestricted upload4.7
- CVE-2024-985607FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting2.4
- CVE-2024-985507FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload4.7
- CVE-2023-502007FLY CRM Administrator Login Page sql injection7.3
- CVE-2023-305807FLY CRM User Profile cross site scripting3.5
- CVE-2023-27897Code Injection vulnerability in SAP CRM6.0
- CVE-2021-33676A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of th...7.2
- CVE-2018-2380SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" ...KEV6.6
- CVE-2017-15296The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.8.8
- CVE-2017-15294The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.6.1
- CVE-2015-3979Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534.7.5
Product normalization is registry-driven with AI assist and human review. How it works