CVE-2021-21478

4.7MEDIUM

Key Information:

Vendor
SAP
Status
SAP Netweaver As Abap (web Dynpro Abap)
Vendor
CVE Published:
9 February 2021

Summary

SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Affected Version(s)

SAP NetWeaver AS ABAP (Web Dynpro ABAP) < SAP_UI 750 < SAP_UI 750

SAP NetWeaver AS ABAP (Web Dynpro ABAP) < 752 < 752

SAP NetWeaver AS ABAP (Web Dynpro ABAP) < 753 < 753

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2974582
x_refsource_MISC

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.