CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-21476
https://notcve.org/view.php?id=CVE-2021-21476
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. SAP UI5, versiones anteriores a: 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1, permite a un atacante no autenticado redireccionar a usuarios a un sitio malicioso debido a vulnerabilidades de tipo Tabnabbing Inverso • https://launchpad.support.sap.com/#/notes/3014303 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 9%CPEs: 5EXPL: 2CVE-2019-0319
https://notcve.org/view.php?id=CVE-2019-0319
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. SAP Gateway, versiones 7.5, 7.51, 7.52 y 7.53, permite a un atacante inyectar contenido que es desplegado en forma de mensaje de error. Por lo tanto, un atacante podría engañar a un usuario para que crea que esta información es de servicio legítimo cuando no lo es. • http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html http://www.securityfocus.com/bid/109074 https://cxsecurity.com/ascii/WLB-2019050283 https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f https://launchpad.support.sap.com/#/notes/2752614 https://launchpad.support.sap.com/#/notes/2911267 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •