CVE-2021-33665

Summary

SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML)< KRNL64NUC - 7.49affected
SAP SESAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML)< KRNL64UC - 7.49affected
SAP SESAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML)< 7.53affected
SAP SESAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML)< KERNEL - 7.49affected
SAP SESAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML)< 7.77affected
SAP SESAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML)< 7.81affected
SAP SESAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML)< 7.84affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References