CVE-2021-27600 Information

Description

SAP Manufacturing Execution (System Rules), versions 15.1, 15.2, 15.3 and 15.4, allows an authorized attacker to embed malicious code into an HTTP parameter and send it to the server, because the SAP Manufacturing Execution (System Rules) tab does not sufficiently encode some parameters, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. The malicious code can be used for different purposes, e.g. information can be read, modified and sent to the attacker. However, availability of the server cannot be impacted.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
https://launchpad.support.sap.com/#/notes/3024414

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
