Vulnerability Description
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Enterprise Portal | 7.30 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/165740/SAP-Enterprise-Portal-RunContentCreaThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/Jan/71Mailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/3072920Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806Vendor Advisory
- http://packetstormsecurity.com/files/165740/SAP-Enterprise-Portal-RunContentCreaThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/Jan/71Mailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/3072920Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806Vendor Advisory
FAQ
What is CVE-2021-33703?
CVE-2021-33703 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A...
How severe is CVE-2021-33703?
CVE-2021-33703 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33703?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Enterprise Portal.