CVE-2021-33664

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server Abap (applications Based On Web Dynpro Abap)
Vendor: CVE Published:; 9 June 2021

Summary

SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Affected Version(s)

SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP) < SAP_UI - 750 < SAP_UI - 750

SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP) < 752 < 752

SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP) < 753 < 753

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3025604

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
May 28, 2021