Vulnerability Details CVE-2021-33707
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
- http://packetstormsecurity.com/files/165748/SAP-Enterprise-Portal-Open-Redirect.html
- http://seclists.org/fulldisclosure/2022/Jan/73
- https://launchpad.support.sap.com/#/notes/3076399
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
- http://packetstormsecurity.com/files/165748/SAP-Enterprise-Portal-Open-Redirect.html
- http://seclists.org/fulldisclosure/2022/Jan/73
- https://launchpad.support.sap.com/#/notes/3076399
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
Products affected by CVE-2021-33707
-
cpe:2.3:a:sap:netweaver_knowledge_management:7.30
-
cpe:2.3:a:sap:netweaver_knowledge_management:7.31
-
cpe:2.3:a:sap:netweaver_knowledge_management:7.40
-
cpe:2.3:a:sap:netweaver_knowledge_management:7.50