PT-2021-14544 · Sap · Sap Ui5

Published

2021-02-09

Updated

2021-04-01

CVE-2021-21476

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAP UI5 versions before 1.38.49 SAP UI5 versions before 1.52.49 SAP UI5 versions before 1.60.34 SAP UI5 versions before 1.71.31 SAP UI5 versions before 1.78.18 SAP UI5 versions before 1.84.5 SAP UI5 versions before 1.85.4 SAP UI5 versions before 1.86.1

Description The issue allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Recommendations For SAP UI5 version before 1.38.49, update to version 1.38.49 or later. For SAP UI5 version before 1.52.49, update to version 1.52.49 or later. For SAP UI5 version before 1.60.34, update to version 1.60.34 or later. For SAP UI5 version before 1.71.31, update to version 1.71.31 or later. For SAP UI5 version before 1.78.18, update to version 1.78.18 or later. For SAP UI5 version before 1.84.5, update to version 1.84.5 or later. For SAP UI5 version before 1.85.4, update to version 1.85.4 or later. For SAP UI5 version before 1.86.1, update to version 1.86.1 or later.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2021-21476

Affected Products

Sap Ui5

PT-2021-14544 · Sap · Sap Ui5

CVE-2021-21476

Weakness Enumeration

Related Identifiers

Affected Products

References · 5