CVE-2021-33694

low-risk
Published 2021-09-15

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.

Do I need to act?

-
0.16% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.8/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Cloud Connector

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/3058553
Patch https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
Permissions Required https://launchpad.support.sap.com/#/notes/3058553
Patch https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
25
/ 100
low-risk
Severity 19/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal