VYPR
Unrated severityNVD Advisory· Published Oct 12, 2021· Updated Aug 4, 2024

CVE-2021-38183

CVE-2021-38183

Description

SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability.

Affected products

2
  • SAP/Netweaverllm-fuzzy
    Range: 700, 701, 702, 730
  • SAP SE/SAP NetWeaverv5
    Range: < 700

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.