CVE-2021-33666

4.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP Commerce Cloud
Vendor: CVE Published:; 9 June 2021

Summary

When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation.

Affected Version(s)

SAP Commerce Cloud < 100

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2985562

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
May 28, 2021