Stored Cross-Site Scripting Vulnerability in SAP NetWeaver Enterprise Portal
CVE-2021-21489

4.8MEDIUM

Key Information:

Vendor

SAP
Status
SAP Netweaver Enterprise Portal
Vendor
CVE Published:
14 September 2021

What is CVE-2021-21489?

The SAP NetWeaver Enterprise Portal has a vulnerability that arises from inadequate encoding of user-related data, leading to a stored Cross-Site Scripting (XSS) scenario. An attacker with administrative access can exploit this vulnerability by embedding a malicious script into the portal. Once executed by an unsuspecting user, this script could undermine the confidentiality and integrity of sensitive content within the portal, posing significant risks to user data and overall system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP NetWeaver Enterprise Portal < 7.10 < 7.10

SAP NetWeaver Enterprise Portal < 7.11 < 7.11

SAP NetWeaver Enterprise Portal < 7.20 < 7.20

References

https://launchpad.support.sap.com/#/notes/3082219
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.