CVE-2021-21445
Published 2021-01-12
Medium 5.4 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include unvalidated data in the HTTP response Content-Type header, due to improper input validation, which is then sent to a web user. Successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap_se | sap_commerce_cloud | < 1808 | 1808 |
| sap_se | sap_commerce_cloud | < 1811 | 1811 |
| sap_se | sap_commerce_cloud | < 1905 | 1905 |
| sap_se | sap_commerce_cloud | < 2005 | 2005 |
| sap_se | sap_commerce_cloud | < 2011 | 2011 |