Vulnerability CVE-2021-33705


Published: 2021-09-15

Description:
The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability.

See advisories in our WLB2 database:
Topic
Author
Date
Low
SAP Enterprise Portal iviewCatcherEditor Server-Side Request Forgery
Yvan Genuer
27.01.2022

Type:

CWE-918

 References:
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
https://launchpad.support.sap.com/#/notes/3074844

Copyright 2024, cxsecurity.com

 

Back to Top