PT-2021-20244 · SAP · SAP Commerce Cloud

Published: 2021-06-09 · Updated: 2021-06-21 · CVE-2021-33666

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud version 100
Description: The issue concerns MIME sniffing, which under certain circumstances could facilitate an XSS attack or malware proliferation when SAP Commerce Cloud hosts a JavaScript storefront.
Recommendations: For SAP Commerce Cloud version 100, consider implementing proper MIME type handling to prevent MIME sniffing attacks, which could help mitigate the risk of XSS or malware proliferation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-33666

Affected Products

SAP Commerce Cloud