CVE-2021-21489

More information about this CVE will likely be available in a few days.

Description

SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content.

Related CPE's

Could not find any relations

References

https://launchpad.support.sap.com/#/notes/3082219

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io