Vulnerabilities > CVE-2021-33703 - Unspecified vulnerability in SAP Netweaver Enterprise Portal
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
References
- http://packetstormsecurity.com/files/165740/SAP-Enterprise-Portal-RunContentCreation-Cross-Site-Scripting.html
- http://packetstormsecurity.com/files/165740/SAP-Enterprise-Portal-RunContentCreation-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2022/Jan/71
- http://seclists.org/fulldisclosure/2022/Jan/71
- https://launchpad.support.sap.com/#/notes/3072920
- https://launchpad.support.sap.com/#/notes/3072920
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806