CVE-2021-21491

Summary

SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)< 7.00affected
SAP SESAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)< 7.10affected
SAP SESAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)< 7.11affected
SAP SESAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)< 7.20affected
SAP SESAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)< 7.30affected
SAP SESAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)< 731affected
SAP SESAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)< 7.40affected
SAP SESAP NetWeaver Application Server Java (Applications based on Web Dynpro Java)< 7.50affected

Weaknesses

  • Reverse Tabnabbing

ADP Enrichment

CVE Program Container

Additional References

References