VDB
CVE-2021-21490
CVE-2021-21490
PUBLISHED
CVSS 6.099999904632568 MEDIUM
SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user.
EPSS 0.25% · 48.4th percentile
Risk Scores
CVSS 3.0
6.099999904632568
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.25%
48.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP SE | SAP NetWeaver AS for ABAP (Web Survey) | *, < 700, < 702 |
| sap | netweaver_application_server_abap | 75a, 75f, 700 |
Exploit Intelligence
Timeline
- Jun 8, 2021 CVE Published
- Jun 10, 2021 EPSS Score
- Aug 11, 2021 EPSS Score
- Oct 11, 2021 EPSS Score
- Dec 10, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 11, 2022 EPSS Score
- Jun 11, 2022 EPSS Score
- Aug 12, 2022 EPSS Score
- Oct 11, 2022 EPSS Score
- Dec 11, 2022 EPSS Score