Cross-Site Scripting Vulnerability in SAP NetWeaver Application Server ABAP
CVE-2021-33665

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server Abap (applications Based On SAP Gui For Html)
Vendor: CVE Published:; 9 June 2021

What is CVE-2021-33665?

The SAP NetWeaver Application Server ABAP has a vulnerability that arises from inadequate encoding of user-controlled inputs. This oversight permits attackers to exploit Cross-Site Scripting (XSS) weakness, potentially allowing them to inject malicious scripts into web pages viewed by other users. Such attacks can lead to unauthorized actions being performed on behalf of users, compromising user data and application integrity.

Affected Version(s)

SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML) < KRNL64NUC - 7.49 < KRNL64NUC - 7.49

SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML) < KRNL64UC - 7.49 < KRNL64UC - 7.49

SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML) < 7.53 < 7.53

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3028370

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
May 28, 2021