CVE-2021-21476

4.7MEDIUM

Key Information:

Vendor
SAP
Status
Vendor
CVE Published:
9 February 2021

Summary

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Affected Version(s)

SAP UI5 < 1.38.49 < 1.38.49

SAP UI5 < 1.52.49 < 1.52.49

SAP UI5 < 1.60.34 < 1.60.34

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.