CVE-2021-21445
MEDIUM
SAP Commerce Cloud 1808, 1811, 1905, 2005, 2011 - HTTP Response Smuggling via Content Type Header
Title source: llm
Description
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2984034
Scores
CVSS v3
5.4
EPSS
0.0063
EPSS Percentile
45.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-444
Status
published
Products (5)
sap/commerce_cloud 1808
sap/commerce_cloud 1811
sap/commerce_cloud 1905
sap/commerce_cloud 2005
sap/commerce_cloud 2011
Published
Jan 12, 2021
Tracked Since
Feb 18, 2026