The vulnerability of the component allows for the creation, design, configuration, and display of information panels within the Self Service Composition Environment (SSCE) of the SAP Manufacturing Integration and Intelligence platform. This vulnerability enables a perpetrator to execute arbitrary code or escalate their privileges.

The vulnerability of the component responsible for creating, designing, configuring, and displaying information panels of the Self Service Composition Environment SSCE platform for SAP Manufacturing Integration and Intelligence is related to deficiencies in access control and improper management ...

CVE-2021-21480

SAP MII allows users to create dashboards and save them as JSP through the SSCE Self Service Composition Environment. An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by users having at least SAPXMII...