SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/164600/SAP-Enterprise-Portal-Sensitive-Data-Disclosure.html | Patch Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2021/Oct/32 | Mailing List Patch Third Party Advisory |
https://launchpad.support.sap.com/#/notes/3059764 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2021-07-14T11:05:00
Updated: 2021-10-22T17:07:16
Reserved: 2021-05-28T00:00:00
Link: CVE-2021-33687
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-14T12:15:09.747
Modified: 2022-05-03T16:04:40.443
Link: CVE-2021-33687
JSON object: View
Redhat Information
No data.
CWE