Sensitive Information Exposure in SAP NetWeaver AS JAVA Enterprise Portal
CVE-2021-33687

4.5 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 14 July 2021

Summary

SAP NetWeaver AS JAVA (Enterprise Portal) versions 7.10 through 7.50 may inadvertently expose sensitive information through certain HTTP requests. Attackers can exploit this vulnerability alongside methods such as cross-site scripting (XSS) to gain unauthorized access to confidential data, posing significant risks to the security of affected systems. Security measures should be implemented to mitigate these risks and protect sensitive information.

Affected Version(s)

  • SAP NetWeaver AS JAVA (Enterprise Portal) < 7.10

  • SAP NetWeaver AS JAVA (Enterprise Portal) < 7.20

  • SAP NetWeaver AS JAVA (Enterprise Portal) < 7.30

CVSS V3.1

Score: 4.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
