CVE-2021-38183

Summary

SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver< 700affected
SAP SESAP NetWeaver< 701affected
SAP SESAP NetWeaver< 702affected
SAP SESAP NetWeaver< 730affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References