CVE-2021-21445

Severity
5.4 MEDIUM
EPSS
0.2%
top 60.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 12
Latest update May 24

Description

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: sap_se/sap_commerce_cloud < 1808 +4
NVD: sap/commerce_cloud, 5 versions +4

🔴 Vulnerability Details (2)

GHSA
GHSA-w4g5-mcc7-3767: SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content (2022-05-24)
CVEList
CVE-2021-21445: SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content (2021-01-12)
CVE-2021-21445 (MEDIUM CVSS 5.4) | SAP Commerce Cloud | cvebase.io