CVE-2021-21489

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

Description The issue arises from insufficient encoding of user-related data, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. This allows an attacker with administrative privileges to store a malicious script on the portal. When a victim registered on the portal executes the script content, it could compromise the confidentiality and integrity of portal content.

Recommendations For SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, update to a version that sufficiently encodes user-related data to prevent Stored Cross-Site Scripting (XSS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.