Unrated severityNVD Advisory· Published Jun 9, 2021· Updated Aug 3, 2024
CVE-2021-21490
CVE-2021-21490
Description
SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user.
Affected products
2- Range: 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F
- SAP SE/SAP NetWeaver AS for ABAP (Web Survey)v5Range: < 700
Patches
Vulnerability mechanics
References
2- launchpad.support.sap.commitrex_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.