PT-2021-14556 · Sap · Sap Netweaver As Abap
Published 2021-06-09 · Updated 2022-10-05 · CVE-2021-21490
CVSS v3.1
6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver AS for ABAP (Web Survey) versions 700 through 75F
Description
The issue arises from insufficient encoding of input and output parameters, which leads to a reflected cross-site scripting vulnerability. A malicious user can exploit it to access data related to the current session and potentially impersonate a user, gaining access to all information with the same rights as the target user.
Recommendations
For SAP NetWeaver AS for ABAP (Web Survey) versions 700 through 75F, update to a version that properly encodes input and output parameters to prevent reflected cross-site scripting attacks.
Fix
XSS
Affected Products
Sap Netweaver As Abap