Podatność CVE-2021-33705


Publikacja: 2021-09-15

Opis:
The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Low
SAP Enterprise Portal iviewCatcherEditor Server-Side Request Forgery
Yvan Genuer
27.01.2022

Typ:

CWE-918

 Referencje:
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
https://launchpad.support.sap.com/#/notes/3074844

Copyright 2024, cxsecurity.com

 

Back to Top