CVE-2021-33665

{"id": "CVE-2021-33665", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-06-09T14:15:10.077", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3028370", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."}, {"lang": "es", "value": "SAP NetWeaver Application Server ABAP (Aplicaciones basadas en SAP GUI para HTML), versiones - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo cross-site scripting (XSS)"}], "lastModified": "2021-06-16T00:55:46.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5370493B-8917-4ACC-9C4B-043BEF7CCCA8"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBC44C62-0BFD-4170-B094-C82DEA473938"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "208F59B2-7D79-4E0E-97DA-AEB9976C8EEA"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.81:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F39863DC-8CF3-4FB9-8FBF-1776791D701F"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.84:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FB964D8-83B6-4DCE-B51D-CBD8766A8FBE"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB478A3C-4DD5-4F42-B2F1-9B7CCBA1B995"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D5F8B53-ECAD-4CD2-8F91-25112569C056"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADE160BD-659F-4517-B625-61CFB2FBD456"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}