CVE-2021-33703

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Enterprise Portal versions 7.30 through 7.50

Description: The issue arises when the NetWeaver Enterprise Portal does not sufficiently encode URL parameters under certain conditions. This allows an attacker to craft a malicious link and send it to a victim, resulting in a Reflected Cross-Site Scripting (XSS) issue. An attacker can exploit this by sending a crafted link to a victim, potentially leading to malicious script execution.

Recommendations: For versions 7.30 through 7.50, update to a version that includes the fix for the encoding issue to prevent Reflected Cross-Site Scripting (XSS) attacks. As a temporary workaround, consider restricting access to potentially vulnerable URL parameters until a patch is available.