CVE-2021-33687

Published: 14/07/2021 Updated: 03/05/2022

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap netweaver application server java 7.20
sap netweaver application server java 7.30
sap netweaver application server java 7.31
sap netweaver application server java 7.40
sap netweaver application server java 7.50
sap netweaver application server java 7.10

# Onapsis Security Advisory 2021-0020: SAP Enterprise Portal - Exposed sensitive data in html body ## Impact on Business One HTTP endpoint of the portal exposes sensitive information that could be used by an attacker with administrator privileges, in conjunction with other attacks (eg XSS) ## Advisory Information - Public Release Date: 11/ ...

CWE-200 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 https://launchpad.support.sap.com/#/notes/3059764 http://seclists.org/fulldisclosure/2021/Oct/32 http://packetstormsecurity.com/files/164600/SAP-Enterprise-Portal-Sensitive-Data-Disclosure.html https://nvd.nist.gov http://seclists.org/fulldisclosure/2021/Oct/32

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-33687

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect