2 matches found
CVE-2021-33702
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets...
CVE-2021-33702
CVE-2021-33702 affects SAP NetWeaver Enterprise Portal (versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). The issue arises from insufficient encoding of report data in one of the portal’s servlets, allowing an attacker to inject malicious data that, when a report is opened, executes a script in...