Reverse Tabnabbing Vulnerability in SAP NetWeaver Application Server Java
CVE-2021-21491
Key Information:
- Vendor: SAP
- CVE Published: 10 March 2021
Summary
SAP NetWeaver Application Server Java, particularly in applications using Web Dynpro Java, is susceptible to reverse tabnabbing, which could allow an attacker to redirect unsuspecting users to harmful websites. This flaw could lead to phishing attacks or data theft as users interact with compromised links within their browser sessions. Organizations running the affected versions should review their security practices and apply the necessary mitigations to protect against such risks.
Affected Version(s)
- SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) < 7.00
- SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) < 7.10
- SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) < 7.11