Reverse Tabnabbing Vulnerability in SAP Netweaver Application Server Java
CVE-2021-21491

4.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server Java (applications Based On Web Dynpro Java)
Vendor: CVE Published:; 10 March 2021

Summary

SAP Netweaver Application Server Java, particularly in applications using WebDynpro Java, is susceptible to Reverse Tabnabbing vulnerabilities that could allow an attacker to redirect unsuspecting users to harmful websites. This flaw could lead to phishing attacks or data theft as users interact with compromised links within their browser sessions. It is essential for organizations utilizing these versions to review their security practices and apply necessary mitigations to protect against such risks.

Affected Version(s)

SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) < 7.00 < 7.00

SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) < 7.10 < 7.10

SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) < 7.11 < 7.11

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2976947

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 10, 2021
Vulnerability Reserved
Dec 30, 2020