CVE-2021-27600

Name of the Vulnerable Software and Affected Versions SAP Manufacturing Execution (System Rules) versions 15.1 through 15.4

Description The issue allows an authorized attacker to embed malicious code into HTTP parameters and send it to the server because the SAP Manufacturing Execution (System Rules) tab does not sufficiently encode some parameters, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. The malicious code can be used for different purposes, such as reading, modifying, and sending information to the attacker. However, the availability of the server cannot be impacted.

Recommendations For versions 15.1 through 15.4, update to a version that sufficiently encodes parameters to prevent Stored Cross-Site Scripting (XSS) vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.