{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T12:11:08.320","vulnerabilities":[{"cve":{"id":"CVE-2021-21490","sourceIdentifier":"cna@sap.com","published":"2021-06-09T14:15:08.010","lastModified":"2024-11-21T05:48:28.693","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user."},{"lang":"es","value":"SAP NetWeaver AS para ABAP (Web Survey), versiones: 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, no codifica suficientemente los parámetros input y output, lo que resulta en una vulnerabilidad de tipo cross site scripting reflejado, mediante el cual un usuario malicioso puede acceder a los datos relacionados con la sesión actual y usarlos para hacerse pasar por un usuario y acceder a toda la información con los mismos derechos que el usuario objetivo"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV30":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:75a:*:*:*:*:*:*:*","matchCriteriaId":"BF4998F3-74DB-4E8C-BBEA-DFE0246D9C49"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:75f:*:*:*:*:*:*:*","matchCriteriaId":"5177A906-AEBD-47B7-A793-B74C88038C2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*","matchCriteriaId":"C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*","matchCriteriaId":"706FEB9E-3EE9-405E-A8C9-733DAF68AC6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*","matchCriteriaId":"9B5BF1EC-C2A6-486B-8E63-0A7ED431C1F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*","matchCriteriaId":"17847B21-8BE6-4359-913B-B6592D37C655"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*","matchCriteriaId":"2F1B47E4-C4E3-4D79-9048-EF6A82B8085E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*","matchCriteriaId":"5CC29738-CF17-4E6B-9C9E-879B17F7E001"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*","matchCriteriaId":"7777AA80-1608-420E-B7D5-09ABECD51728"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*","matchCriteriaId":"62828DCD-F80E-4C7C-A988-EFEA06A5223E"}]}]}],"references":[{"url":"https://launchpad.support.sap.com/#/notes/3004043","source":"cna@sap.com","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/3004043","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}