Reverse Tabnabbing Vulnerability in SAP NetWeaver Application Server Java
CVE-2021-21491

4.7 MEDIUM

Summary

SAP NetWeaver Application Server Java, particularly in applications using Web Dynpro Java, is susceptible to Reverse Tabnabbing vulnerabilities that could allow an attacker to redirect unsuspecting users to harmful websites. This flaw could lead to phishing attacks or data theft as users interact with compromised links within their browser sessions. Organizations running these versions should review their security practices and apply the necessary mitigations to protect against such risks.

Affected Version(s)

SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) < 7.00

SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) < 7.10

SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) < 7.11

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
