Vulnerability Name: | CVE-2021-38183 (CCN-211193) | ||||||||||||
Assigned: | 2021-10-12 | ||||||||||||
Published: | 2021-10-12 | ||||||||||||
Updated: | 2021-10-19 | ||||||||||||
Summary: | SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability. | ||||||||||||
CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
Vulnerability Type: | CWE-79 | ||||||||||||
Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-38183 Source: XF Type: UNKNOWN sap-cve202138183-xss(211193) Source: CCN Type: SAP Web site SAP Support Note 3084937 Source: MISC Type: Permissions Required https://launchpad.support.sap.com/#/notes/3084937 Source: CCN Type: SAP Security Patch Day - October 2021 SAP Security Patch Day - October 2021 Source: MISC Type: Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |