CVE-2021-21490

MEDIUM

SAP NetWeaver AS ABAP Web Survey - Reflected Cross-Site Scripting

Title source: llm
STIX 2.1

Description

SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user.

References (2)

Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3004043

Scores

CVSS v3 6.1
EPSS 0.0025
EPSS Percentile 48.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (10)
sap/netweaver_application_server_abap 75a
sap/netweaver_application_server_abap 75f
sap/netweaver_application_server_abap 700
sap/netweaver_application_server_abap 702
sap/netweaver_application_server_abap 710
sap/netweaver_application_server_abap 711
sap/netweaver_application_server_abap 730
sap/netweaver_application_server_abap 731
sap/netweaver_application_server_abap 750
sap/netweaver_application_server_abap 752
Published Jun 09, 2021
Tracked Since Feb 18, 2026