CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21489

SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.7%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

Products affected by CVE-2021-21489

Sap » Netweaver Enterprise Portal » Version: 7.10

cpe:2.3:a:sap:netweaver_enterprise_portal:7.10
Sap » Netweaver Enterprise Portal » Version: 7.11

cpe:2.3:a:sap:netweaver_enterprise_portal:7.11
Sap » Netweaver Enterprise Portal » Version: 7.20

cpe:2.3:a:sap:netweaver_enterprise_portal:7.20
Sap » Netweaver Enterprise Portal » Version: 7.30

cpe:2.3:a:sap:netweaver_enterprise_portal:7.30
Sap » Netweaver Enterprise Portal » Version: 7.31

cpe:2.3:a:sap:netweaver_enterprise_portal:7.31
Sap » Netweaver Enterprise Portal » Version: 7.40

cpe:2.3:a:sap:netweaver_enterprise_portal:7.40
Sap » Netweaver Enterprise Portal » Version: 7.50

cpe:2.3:a:sap:netweaver_enterprise_portal:7.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21489

Products

Pricing

Contact Us