Vulnerabilities > CVE-2021-21444 - Improper Restriction of Rendered UI Layers or Frames vulnerability in SAP Businessobjects Business Intelligence 410/420/430

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sap

CWE-1021

NVD

Published: 2021-02-09

Updated: 2021-02-16

Summary

SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Businessobjects Business Intelligence 420 SAP Businessobjects Business Intelligence 410 SAP Businessobjects Business Intelligence 430	3

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543
https://launchpad.support.sap.com/#/notes/2935791