CVE-2021-21491

CWE-601: Open Redirect
3 documents, 3 sources

Severity: 6.1 MEDIUM
EPSS: 0.1% (top 67.16%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Mar 10
Latest update: May 24

Description

SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-5hw2-3847-332f: SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7

CVEList (2021-03-10)
CVE-2021-21491: SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7
CVE-2021-21491 (MEDIUM CVSS 6.1) | SAP Netweaver Application Server Ja | cvebase.io