Vulnerability Database

315,050

Total vulnerabilities in the database

CVE-2021-21491

SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Published: Mar 10, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-21491
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_java	7.20	7.20.x
sap / netweaver_application_server_java	7.30	7.30.x
sap / netweaver_application_server_java	7.31	7.31.x
sap / netweaver_application_server_java	7.40	7.40.x
sap / netweaver_application_server_java	7.50	7.50.x
sap / netweaver_application_server_java	7.10	7.10.x
sap / netweaver_application_server_java	7.11	7.11.x
sap / netweaver_application_server_java	7.00	7.00.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo