CVE-2021-21476

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, and 1.86.1 allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Open Redirect
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.1 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| sap | CNA | 4.7 MEDIUM | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
| CVE | ADP | --- | --- | | | |
EPSS Score: Percentile: 54%
| Vendor | Product | Version |
|---|---|---|
| sap | ui5 | 𝑥 < 1.38.49 |
| sap | ui5 | 1.50.5 ≤ 𝑥 < 1.52.49 |
| sap | ui5 | 1.60.1 ≤ 𝑥 < 1.60.34 |
| sap | ui5 | 1.71.0 ≤ 𝑥 < 1.71.31 |
| sap | ui5 | 1.78.0 ≤ 𝑥 < 1.78.18 |
| sap | ui5 | 1.84.0 ≤ 𝑥 < 1.84.5 |
| sap | ui5 | 1.85.0 ≤ 𝑥 < 1.85.4 |
| sap | ui5 | 1.86.0 ≤ 𝑥 < 1.86.1 |

𝑥 = Vulnerable software versions