CVE-2021-33694 MEDIUM

CVE-2021-33694

Vendor Sap Se
Product SAP Cloud Connector
Weakness CWE-79 · XSS
Published September 15, 2021
Last update August 3, 2024

CVSS base score

5.9/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.

Key dates

02Disclosure timeline

September 15, 2021 CVE published
August 3, 2024 Record updated