PT-2021-20265 · Sap · Sap Netweaver As Java

Yvan Genuer

Published

2021-07-14

Updated

2022-05-03

CVE-2021-33687

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS JAVA (Enterprise Portal) versions 7.10 through 7.50

Description: The issue reveals sensitive information in one of its HTTP requests. An attacker can use this in conjunction with other attacks, such as XSS, to steal this information.

Recommendations: For versions 7.10 through 7.50, consider restricting access to sensitive HTTP requests until a patch is available. As a temporary workaround, consider implementing additional security measures to protect against XSS attacks. Avoid using sensitive information in HTTP requests until the issue is resolved.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2021-33687

Affected Products

Sap Netweaver As Java

PT-2021-20265 · Sap · Sap Netweaver As Java

CVE-2021-33687

Weakness Enumeration

Related Identifiers

Affected Products

References · 7