CVE-2021-21476

MEDIUM4.7

Description

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Affected products

SAP_SE / SAP UI5< 1.38.49 – < 1.38.49
SAP_SE / SAP UI5< 1.52.49 – < 1.52.49
SAP_SE / SAP UI5< 1.60.34 – < 1.60.34
SAP_SE / SAP UI5< 1.71.31 – < 1.71.31
SAP_SE / SAP UI5< 1.78.18 – < 1.78.18
SAP_SE / SAP UI5< 1.84.5 – < 1.84.5
SAP_SE / SAP UI5< 1.85.4 – < 1.85.4
SAP_SE / SAP UI5< 1.86.1 – < 1.86.1

References

MISChttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543
MISChttps://launchpad.support.sap.com/#/notes/3014303