CVE-2021-27601

Summary

SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the attacker does not have control over kind or degree.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS for Java (Applications based on HTMLB for Java)EP-BASIS 7.10, 7.11, 7.30, 7.31, 7.40, 7.50affected
SAP SESAP NetWeaver AS for Java (Applications based on HTMLB for Java)FRAMEWORK-EXT 7.30, 7.31, 7.40, 7.50affected
SAP SESAP NetWeaver AS for Java (Applications based on HTMLB for Java)FRAMEWORK 7.10, 7.11affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References