On 08.06.2021, SAP SE released a security-relevant correction. The manufacturer resolves an issue within SAP Commerce Cloud.
SAP Note 2985562 addresses "[CVE-2021-33666] Cross-Site Scripting (XSS) in SAP Commerce Cloud" to prevent cross-site scripting (XSS) with a medium risk for exploitation.
According to the SAP Security Advisory team, no workaround exists. The team advises implementing the correction as part of maintenance.
Cross-site scripting (XSS) is the name of a class of security vulnerabilities that can occur in web-based
applications. XSS combines
affected web application.
The advisory is valid for
- CX_COMM_CLOUD_AUTO 100
- 8.3 [CVE-2021-33703] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
- 8.3 [CVE-2021-33702] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
- 6.9 [CVE-2021-33691] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Notification Service)
- 6.4 [CVE-2021-27600] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution (System Rules)
- 6.4 [CVE-2021-27615] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution