CVE-2021-33687

4.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver As Java (enterprise Portal)
Vendor: CVE Published:; 14 July 2021

Summary

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.

Affected Version(s)

SAP NetWeaver AS JAVA (Enterprise Portal) < 7.10 < 7.10

SAP NetWeaver AS JAVA (Enterprise Portal) < 7.20 < 7.20

SAP NetWeaver AS JAVA (Enterprise Portal) < 7.30 < 7.30

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3059764

x_refsource_MISC

http://seclists.org/fulldisclosure/2021/Oct/32

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2021
Vulnerability Reserved
May 28, 2021