CVE-2021-27615

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Manufacturing Execution
Vendor: CVE Published:; 9 June 2021

Summary

SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting (XSS) attacks.

Affected Version(s)

SAP Manufacturing Execution < 15.1 < 15.1

SAP Manufacturing Execution < 1.5.2 < 1.5.2

SAP Manufacturing Execution < 15.3 < 15.3

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3030961

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
Feb 23, 2021