CVE-2021-33697 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
sap	CNA	4.7 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 47%

Common Weakness Enumeration

CWE-1022 - Use of Web Link to Untrusted Target with window.opener Access
The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.
CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://launchpad.support.sap.com/#/notes/3063048

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806

https://launchpad.support.sap.com/#/notes/3063048

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806