CVE-2021-21489 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-21489 PUBLISHED CVSS 4.800000190734863 MEDIUM

SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content.

EPSS 0.24% · 46.6th percentile

Risk Scores

CVSS v3.0

4.800000190734863

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.24%

46.6th percentile

Affected Products

Vendor	Product	Versions
sap	netweaver_enterprise_portal	7.50, 7.10, 7.11
SAP SE	SAP NetWeaver Enterprise Portal	< 7.10, < 7.11, < 7.20

Timeline

Sep 14, 2021 CVE Published
Sep 15, 2021 EPSS Score
Nov 11, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 7, 2022 EPSS Score
Mar 5, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jun 26, 2022 EPSS Score
Aug 23, 2022 EPSS Score
Oct 19, 2022 EPSS Score
Dec 15, 2022 EPSS Score

References

Open in Interactive Console →