Lucene search

[email protected]NVD:CVE-2021-33675

HistorySep 14, 2021 - 12:15 p.m.

CVE-2021-33675

2021-09-1412:15:09

CWE-79

[email protected]

web.nvd.nist.gov

sap

contact center

version 700

xss

vulnerability

phishing

execute arbitrary code

browser.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

40.8%

JSON

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim’s browser.

Affected configurations

Nvd

Node

sapcontact_centerMatch700

VendorProductVersionCPE
sapcontact_center700cpe:2.3:a:sap:contact_center:700:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	contact_center	700	cpe:2.3:a:sap:contact_center:700:::::::*

References

launchpad.support.sap.com/#/notes/3073891

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

40.8%

JSON

Related for NVD:CVE-2021-33675

cnvd1 cvelist1 prion1 cve1