Description
SAP Commerce Cloud, versions 1808, 1811, 1905, 2005 and 2011, allows an authenticated attacker to include unvalidated data in the HTTP response Content-Type header, due to improper input validation, which is then sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking.
Scores
CVSS v3: 5.4
EPSS: 0.0018
EPSS Percentile: 39.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-444
Status: published
Products (5)
sap/commerce_cloud 1808
sap/commerce_cloud 1811
sap/commerce_cloud 1905
sap/commerce_cloud 2005
sap/commerce_cloud 2011
Published: Jan 12, 2021
Tracked Since: Feb 18, 2026