Improper Input Validation in SAP Commerce Cloud
CVE-2021-21445

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Commerce Cloud
Vendor: CVE Published:; 12 January 2021

What is CVE-2021-21445?

SAP Commerce Cloud versions 1808, 1811, 1905, 2005, and 2011 are impacted by a vulnerability that allows authenticated attackers to include invalidated data in the HTTP response Content Type header. This issue arises from insufficient input validation, potentially leading to advanced exploitation tactics such as cross-site scripting and page hijacking, which can compromise web user integrity and application security.

Affected Version(s)

SAP Commerce Cloud < 1808 < 1808

SAP Commerce Cloud < 1811 < 1811

SAP Commerce Cloud < 1905 < 1905

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2984034

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2021
Vulnerability Reserved
Dec 30, 2020