Vulnerability Description
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Enterprise Portal | 7.10 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/165737/SAP-Enterprise-Portal-NavigationRepoThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/Jan/70Mailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/3073681Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806Vendor Advisory
- http://packetstormsecurity.com/files/165737/SAP-Enterprise-Portal-NavigationRepoThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/Jan/70Mailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/3073681Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806Vendor Advisory
FAQ
What is CVE-2021-33702?
CVE-2021-33702 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it ...
How severe is CVE-2021-33702?
CVE-2021-33702 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33702?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Enterprise Portal.