CVE-2021-21476
published 2021-02-09
medium 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | ui5 | < 1.38.49 | 1.38.49 |
| sap | ui5 | >= 1.50.5 < 1.52.49 | 1.52.49 |
| sap | ui5 | >= 1.60.1 < 1.60.34 | 1.60.34 |
| sap | ui5 | >= 1.71.0 < 1.71.31 | 1.71.31 |
| sap | ui5 | >= 1.78.0 < 1.78.18 | 1.78.18 |
| sap | ui5 | >= 1.84.0 < 1.84.5 | 1.84.5 |
| sap | ui5 | >= 1.85.0 < 1.85.4 | 1.85.4 |
| sap | ui5 | >= 1.86.0 < 1.86.1 | 1.86.1 |
| sap_se | sap_ui5 | < 1.38.49 | 1.38.49 |
| sap_se | sap_ui5 | < 1.52.49 | 1.52.49 |
| sap_se | sap_ui5 | < 1.60.34 | 1.60.34 |
| sap_se | sap_ui5 | < 1.71.31 | 1.71.31 |
| sap_se | sap_ui5 | < 1.78.18 | 1.78.18 |
| sap_se | sap_ui5 | < 1.84.5 | 1.84.5 |
| sap_se | sap_ui5 | < 1.85.4 | 1.85.4 |
| sap_se | sap_ui5 | < 1.86.1 | 1.86.1 |