CVE-2021-21476

Summary

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP UI5< 1.38.49affected
SAP SESAP UI5< 1.52.49affected
SAP SESAP UI5< 1.60.34affected
SAP SESAP UI5< 1.71.31affected
SAP SESAP UI5< 1.78.18affected
SAP SESAP UI5< 1.84.5affected
SAP SESAP UI5< 1.85.4affected
SAP SESAP UI5< 1.86.1affected

Weaknesses

  • Tabnabbing

ADP Enrichment

CVE Program Container

Additional References

References