Lucene search

SapCVELIST:CVE-2021-33691

HistorySep 15, 2021 - 6:01 p.m.

CVE-2021-33691

2021-09-1518:01:48

sap

www.cve.org

6.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

36.3%

JSON

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim has an active session when the crafted script gets executed, the threat actor could compromise information in victims session, and gain access to some sensitive information also.

CNA Affected

[
  {
    "product": "SAP NetWeaver Development Infrastructure (Notification Service)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.31"
      },
      {
        "status": "affected",
        "version": "< 7.40"
      },
      {
        "status": "affected",
        "version": "< 7.50"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3073450

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806

6.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

36.3%

JSON

Related for CVELIST:CVE-2021-33691