CVE-2021-33702

Name of the Vulnerable Software and Affected Versions: NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

Description: The issue arises when the NetWeaver Enterprise Portal does not sufficiently encode report data under certain conditions. This allows an attacker to craft malicious data, print it to the report, and execute a malicious script in the victim's browser when the report is opened, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.

Recommendations: For versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, consider disabling the report printing feature until a patch is available to prevent the execution of malicious scripts. Restrict access to the report feature to minimize the risk of exploitation. Avoid using the report feature in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.