Sap Contact Center vulnerabilities

CVE-2021-33672 [CRITICAL] CWE-116 CVE-2021-33672: Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an att Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the attacker can further execute operating system level c

CVE-2021-33675 [MEDIUM] CWE-79 CVE-2021-33675: Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-contro Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim's browser.

CVE-2021-33674 [MEDIUM] CWE-79 CVE-2021-33674: Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-contro Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser.

CVE-2021-33673 [MEDIUM] CWE-79 CVE-2021-33673: Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-control Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code on the victim's browser. Due to the usage of ActiveX