CVE-2021-33694
5.9
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Summary
SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Cloud Connector | < 2.0 | affected |
Weaknesses
- CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
- https://launchpad.support.sap.com/#/notes/3058553
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
- https://launchpad.support.sap.com/#/notes/3058553
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.