A note with CVSS 6.1 for component EP-KM-CM was released by SAP on 10.08.2021. The correction/advisory 3076399 was described with "[CVE-2021-33707] URL Redirection vulnerability in SAP NetWeaver (Knowledge Management)" and affects the system type Java.
A workaround does not exist, according to SAP Security Advisory team. It is advisable to implement the correction as part of maintenance.
The vulnerability addressed is url redirection vulnerability within Java.
Risk specificationSAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component.
The URL path is now properly validated to prevent this type of redirection vulnerability
SAP Netweaver Application Server Java is part of the SAP NetWeaver Application Platform. It provides the complete infrastructure for deploying and running Java applications.
- The AS Java Home: SAP Netweaver Application Server Java wiki
- A dedicated SAP NetWeaver 7.40 Application Server for Java Security Guide exists.
The advisory is valid for