CVE-2021-33694

Name of the Vulnerable Software and Affected Versions: SAP Cloud Connector version 2.0

Description: The issue arises from insufficient encoding of user-controlled inputs, allowing an attacker with Administrator rights to include malicious codes that get stored in the database. When accessed, these codes could be executed in the application, resulting in Stored Cross-Site Scripting.

Recommendations: For SAP Cloud Connector version 2.0, ensure that all user-controlled inputs are properly encoded to prevent the inclusion of malicious codes. As a temporary workaround, consider restricting access to the database and limiting the execution of stored codes until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.