CVE-2021-33694

Published: Sep 15, 2021Modified: Nov 21, 2024

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.

Affected (1)

Products: Sap: Cloud Connector

1 product

Cloud Connector

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Cloud Connector	Version 2.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://launchpad.support.sap.com/#/notes/3058553

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806

Source: cna@sap.com

PatchVendor Advisory

https://launchpad.support.sap.com/#/notes/3058553

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.