SAP Contact Center
By the Year
In 2024 there have been 0 vulnerabilities in SAP Contact Center . Contact Center did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 4 | 6.98 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Contact Center vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP Contact Center Security Vulnerabilities
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs
CVE-2021-33675
6.1 - Medium
- September 14, 2021
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim's browser.
XSS
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs
CVE-2021-33674
6.1 - Medium
- September 14, 2021
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser.
XSS
Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them
CVE-2021-33673
6.1 - Medium
- September 14, 2021
Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code on the victim's browser. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands.
XSS
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700
CVE-2021-33672
9.6 - Critical
- September 14, 2021
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands in the chat recipient's scope. This could lead to a complete compromise of their confidentiality, integrity, and could temporarily impact their availability.
Output Sanitization
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP Contact Center or by SAP? Click the Watch button to subscribe.
