CVE-2021-21490

Summary

SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS for ABAP (Web Survey)< 700affected
SAP SESAP NetWeaver AS for ABAP (Web Survey)< 702affected
SAP SESAP NetWeaver AS for ABAP (Web Survey)< 710affected
SAP SESAP NetWeaver AS for ABAP (Web Survey)< 711affected
SAP SESAP NetWeaver AS for ABAP (Web Survey)< 730affected
SAP SESAP NetWeaver AS for ABAP (Web Survey)< 731affected
SAP SESAP NetWeaver AS for ABAP (Web Survey)< 750affected
SAP SESAP NetWeaver AS for ABAP (Web Survey)< 752affected
SAP SESAP NetWeaver AS for ABAP (Web Survey)< 75Aaffected
SAP SESAP NetWeaver AS for ABAP (Web Survey)< 75Faffected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References