CVE-2021-21490 vulnerability in SAP Products
Published on June 9, 2021
SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user.
Products Associated with CVE-2021-21490
stack.watch emails you whenever new vulnerabilities are published in SAP Netweaver As Abap or SAP Netweaver Application Server Abap. Just hit a watch button to start following.
Affected Versions
SAP SE SAP NetWeaver AS for ABAP (Web Survey):- Version < 700 is affected.
- Version < 702 is affected.
- Version < 710 is affected.
- Version < 711 is affected.
- Version < 730 is affected.
- Version < 731 is affected.
- Version < 750 is affected.
- Version < 752 is affected.
- Version < 75A is affected.
- Version < 75F is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.