CVE-2021-21445

Name of the Vulnerable Software and Affected Versions SAP Commerce Cloud versions 1808, 1811, 1905, 2005, 2011

Description The issue allows an authenticated attacker to include invalidated data in the HTTP response Content Type header due to improper input validation, which can be sent to a Web user. A successful exploitation of this issue may lead to advanced attacks, including cross-site scripting and page hijacking.

Recommendations For SAP Commerce Cloud versions 1808, 1811, 1905, 2005, 2011, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.