CVE-2021-33664Cross-site Scripting in SE SAP Netweaver Application Server Abap

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 53.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver Application Server AbapSAP Netweaver Application Server Abap
Timeline
PublishedJun 9
Latest updateMay 24

Description

SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDsap/netweaver_application7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-g4rm-cj97-hgg6: SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not2022-05-24
CVEList
CVE-2021-33664: SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not2021-06-09
CVE-2021-33664 — Cross-site Scripting | cvebase