CVE-2021-33699

MEDIUM

SAP Fiori Client - Task Hijacking via AndroidManifest.xml Misconfiguration

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-33699. PoCs published by naroSEC.

AI-analyzed exploit summary The repository contains only a README with a brief description and a reference link, but no actual exploit code or technical details. It mentions an attacker and victim app for practicing CVE-2021-33699 (Task Hijacking) but lacks implementation.

Description

Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unauthorized attacker or malware to takeover legitimate apps and to steal user's sensitive information.

Exploits (1)

nomisec STUB
by naroSEC · poc
https://github.com/naroSEC/CVE-2021-33699_Task_Hijacking

The repository contains only a README with a brief description and a reference link, but no actual exploit code or technical details. It mentions an attacker and victim app for practicing CVE-2021-33699 (Task Hijacking) but lacks implementation.

Classification
Stub 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3067219

Scores

CVSS v3 6.5
EPSS 0.0125
EPSS Percentile 65.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
sap/fiori_client 3.2
Published Aug 10, 2021
Tracked Since Feb 18, 2026