CVE-2021-33672
Published on: 09/14/2021 12:00:00 AM UTC
Last Modified on: 09/24/2021 02:55:00 PM UTC
Certain versions of Contact Center from SAP contain the following vulnerability:
Due to missing encoding in SAP Contact Center's Communication Desktop component (version 700), an attacker could send a malicious script in a chat message. When the message is accepted by the chat recipient, the script is executed in their scope. Because the application uses ActiveX, the attacker can further execute operating-system-level commands in the chat recipient's scope. This could lead to a complete compromise of their confidentiality and integrity, and could temporarily impact their availability.
- CVE-2021-33672 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
- Affected Vendor/Software: SAP SE - SAP Contact Center version 700
CVSS3 Score: 9.6 - CRITICAL
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
CHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 9.3 - HIGH
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags | Link |
---|---|---|
SAP Security Patch Day – September 2021 - Product Security Response at SAP - Community Wiki | | wiki.scn.sap.com text/html |
No Description Provided | | launchpad.support.sap.com text/html |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Sap | Contact Center | 700 | All | All | All |
- cpe:2.3:a:sap:contact_center:700:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
| CVE-2021-33672 : Due to missing encoding in #SAP Contact Center's Communication Desktop component- version 700, an… twitter.com/i/web/status/1… | 2021-09-14 12:05:31 |