MIME Sniffing Vulnerability in SAP Commerce Cloud JavaScript Storefront
CVE-2021-33666

4.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP Commerce Cloud
Vendor: CVE Published:; 9 June 2021

What is CVE-2021-33666?

The SAP Commerce Cloud version 100 poses a security vulnerability when hosting a JavaScript storefront due to improper MIME type handling. This flaw allows for MIME sniffing, which could potentially be exploited to launch cross-site scripting (XSS) attacks or distribute malware. Organizations using this version should ensure that they implement proper content type headers to mitigate such risks.

Affected Version(s)

SAP Commerce Cloud < 100

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2985562

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
May 28, 2021