Server-Side Request Forgery in SAP NetWeaver Portal's Iviews Editor
CVE-2021-33705
8.1HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 15 September 2021
What is CVE-2021-33705?
The SAP NetWeaver Portal Iviews Editor component is susceptible to a Server-Side Request Forgery (SSRF) vulnerability. This allows unauthenticated attackers to craft malicious URLs that, when accessed by a user, can initiate requests to any internal or external server. This exploitation could lead to unauthorized access or modification of data linked to the Portal, although it does not compromise the system's availability.
Affected Version(s)
SAP NetWeaver Enterprise Portal < 7.10 < 7.10
SAP NetWeaver Enterprise Portal < 7.11 < 7.11
SAP NetWeaver Enterprise Portal < 7.20 < 7.20