CVE-2021-42063

MEDIUM EXPLOITED NUCLEI

SAP Knowledge Warehouse - XSS

Title source: rule

Description

A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.

Exploits (1)

nomisec SCANNER

by Cappricio-Securities · client-side

https://github.com/Cappricio-Securities/CVE-2021-42063

View Code ZIP pw:eip

Nuclei Templates (1)

SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting

MEDIUMby pdteam

Shodan: http.favicon.hash:-266008933

FOFA: icon_hash=-266008933

References (4)

[Third Party Advisory] http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Mar/32

[Permissions Required] https://launchpad.support.sap.com/#/notes/3102769

[Vendor Advisory] https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021

Scores

CVSS v3 6.1

EPSS 0.4078

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-04-18

CWE

CWE-79

Status published

Products (4)

sap/knowledge_warehouse 7.30

sap/knowledge_warehouse 7.31

sap/knowledge_warehouse 7.40

sap/knowledge_warehouse 7.50

Published Dec 14, 2021

Tracked Since Feb 18, 2026