CVE-2021-33707

Summary

SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver (Knowledge Management)< 7.30affected
SAP SESAP NetWeaver (Knowledge Management)< 7.31affected
SAP SESAP NetWeaver (Knowledge Management)< 7.40affected
SAP SESAP NetWeaver (Knowledge Management)< 7.50affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

References