← back
CVE-2021-33673

CVE-2021-33673

CVSS 8.3 HIGHEPSS 0.8%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.3EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code on the victim's browser. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands.
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Affected products
SAP SE · SAP Contact Center

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/3073891https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405