CVE-2021-33665

SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Published: Jun 9, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-33665
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_abap	krnl64nuc_7.49	krnl64nuc_7.49.x
sap / netweaver_application_server_abap	krnl64uc_7.49	krnl64uc_7.49.x
sap / netweaver_application_server_abap	krnl64uc_7.53	krnl64uc_7.53.x
sap / netweaver_application_server_abap	kernel_7.49	kernel_7.49.x
sap / netweaver_application_server_abap	kernel_7.53	kernel_7.53.x
sap / netweaver_application_server_abap	kernel_7.77	kernel_7.77.x
sap / netweaver_application_server_abap	kernel_7.81	kernel_7.81.x
sap / netweaver_application_server_abap	kernel_7.84	kernel_7.84.x

Vulnerability Database

289,784

CVE-2021-33665