CVE-2021-21491

MEDIUM

SAP NetWeaver Application Server Java 7.00-7.50 - Open Redirect via WebDynpro Java

Title source: llm

Description

SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107

Permissions Required, Vendor Advisory x_refsource_misc

https://launchpad.support.sap.com/#/notes/2976947

Scores

CVSS v3 6.1

EPSS 0.0013

EPSS Percentile 32.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (8)

sap/netweaver_application_server_java 7.00

sap/netweaver_application_server_java 7.10

sap/netweaver_application_server_java 7.11

sap/netweaver_application_server_java 7.20

sap/netweaver_application_server_java 7.30

sap/netweaver_application_server_java 7.31

sap/netweaver_application_server_java 7.40

sap/netweaver_application_server_java 7.50

Published Mar 10, 2021

Tracked Since Feb 18, 2026