CVE-2021-21444

Summary

SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Business Objects Business Intelligence Platform (CMC and BI Launchpad)< 410affected
SAP SESAP Business Objects Business Intelligence Platform (CMC and BI Launchpad)< 420affected
SAP SESAP Business Objects Business Intelligence Platform (CMC and BI Launchpad)< 430affected

Weaknesses

  • Clickjacking

ADP Enrichment

CVE Program Container

Additional References

References