CVE-2021-27615

Summary

SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting (XSS) attacks.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Manufacturing Execution< 15.1affected
SAP SESAP Manufacturing Execution< 1.5.2affected
SAP SESAP Manufacturing Execution< 15.3affected
SAP SESAP Manufacturing Execution< 15.4affected

Weaknesses

  • Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References