ByteOS Network

CVE Vulnerability Details :

CVE-2021-33691

PUBLISHED

More Info Official Page

Assigner-sap

Assigner Org ID-e4686d1a-f260-4930-ac4c-2f5c992778dd

Published At-15 Sep, 2021 | 18:01

Updated At-03 Aug, 2024 | 23:58

▼CVE Numbering Authority (CNA)

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim has an active session when the crafted script gets executed, the threat actor could compromise information in victims session, and gain access to some sensitive information also.

Affected Products

Vendor

SAP SE

Product

SAP NetWeaver Development Infrastructure (Notification Service)

Versions

Affected

< 7.31
< 7.40
< 7.50

Problem Types

Type	CWE ID	Description
text	N/A	Cross-Site Scripting

Metrics

Version	Base score	Base severity	Vector
3.0	6.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

References

Hyperlink	Resource
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806	x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3073450	x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806	x_refsource_MISC x_transferred
https://launchpad.support.sap.com/#/notes/3073450	x_refsource_MISC x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References