CVE-2021-33694
MEDIUMSAP Cloud Connector 2.0 - Authenticated Stored Cross-Site Scripting
Title source: llmDescription
SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3058553
Scores
CVSS v3
4.8
EPSS
0.0016
EPSS Percentile
36.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
sap/cloud_connector
2.0
Published
Sep 15, 2021
Tracked Since
Feb 18, 2026