CVE-2021-33673 Vulnerability Details

  /     /     /  

CVE-2021-33673 Metadata Quick Info

CVE Published: 14/09/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: sap | Vendor: SAP SE | Product: SAP Contact Center
Status : PUBLISHED

---

CVE-2021-33673 Description

Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code on the victim\'s browser. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: OS Command Injection
Source: SAP SE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).