Cross-Site Scripting Vulnerability in SAP Manufacturing Execution Products
CVE-2021-27615

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Manufacturing Execution
Vendor: CVE Published:; 9 June 2021

Summary

SAP Manufacturing Execution versions 15.1, 1.5.2, 15.3, and 15.4 are missing essential HTTP security headers in their HTTP response. This absence creates an opportunity for attackers to exploit the system, potentially allowing the execution of Cross-Site Scripting (XSS) attacks. Such vulnerabilities can be used to inject malicious scripts into web applications, potentially compromising sensitive user data and affecting the integrity of the application.

Affected Version(s)

SAP Manufacturing Execution < 15.1 < 15.1

SAP Manufacturing Execution < 1.5.2 < 1.5.2

SAP Manufacturing Execution < 15.3 < 15.3

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3030961

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
Feb 23, 2021