CVE-2021-21490: SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output…

medium6.1CVSS 3.1

AVNACLPRNUIRSCCLILAN

SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user.

Affected

23 ranges

Vendor	Product	Version range	Fixed in
gnu	binutils	>= 0 < 2.24-5ubuntu14.2+esm3	2.24-5ubuntu14.2+esm3
gnu	binutils	>= 0 < 2.26.1-1ubuntu1~16.04.8+esm7	2.26.1-1ubuntu1~16.04.8+esm7
gnu	binutils	>= 0 < 2.30-21ubuntu1~18.04.9+esm1	2.30-21ubuntu1~18.04.9+esm1
sap	netweaver_application_server_abap	—	—
sap	netweaver_application_server_abap	—	—
sap	netweaver_application_server_abap	—	—
sap	netweaver_application_server_abap	—	—
sap	netweaver_application_server_abap	—	—
sap	netweaver_application_server_abap	—	—
sap	netweaver_application_server_abap	—	—
sap	netweaver_application_server_abap	—	—
sap	netweaver_application_server_abap	—	—
sap	netweaver_application_server_abap	—	—
sap_se	sap_netweaver_as_for_abap	< 700	700
sap_se	sap_netweaver_as_for_abap	< 702	702
sap_se	sap_netweaver_as_for_abap	< 710	710
sap_se	sap_netweaver_as_for_abap	< 711	711
sap_se	sap_netweaver_as_for_abap	< 730	730
sap_se	sap_netweaver_as_for_abap	< 731	731
sap_se	sap_netweaver_as_for_abap	< 750	750
sap_se	sap_netweaver_as_for_abap	< 752	752
sap_se	sap_netweaver_as_for_abap	< 75A	75A
sap_se	sap_netweaver_as_for_abap	< 75F	75F

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

osv5.5MEDIUM