CVE-2021-21478

Summary

SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP)< SAP_UI 750affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP)< 752affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP)< 753affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP)< 754affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP)< 755affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP)< and SAP_BASIS 700affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP)< 701affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP)< 702affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP)< 731affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP)< 804affected

Weaknesses

  • Tabnabbing

ADP Enrichment

CVE Program Container

Additional References

References