CVE-2021-21445

Summary

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Commerce Cloud< 1808affected
SAP SESAP Commerce Cloud< 1811affected
SAP SESAP Commerce Cloud< 1905affected
SAP SESAP Commerce Cloud< 2005affected
SAP SESAP Commerce Cloud< 2011affected

Weaknesses

  • Header Manipulation

ADP Enrichment

CVE Program Container

Additional References

References