CVE-2021-27615

{"id": "CVE-2021-27615", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-06-09T14:15:08.247", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3030961", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting (XSS) attacks."}, {"lang": "es", "value": "SAP Manufacturing Execution: versiones 15.1, 1.5.2, 15.3, 15.4, no contienen algunos encabezados de seguridad HTTP en su respuesta HTTP. El atacante puede ser explotado por la falta de estos encabezados en respuesta para ejecutar ataques de tipo cross-site scripting (XSS)"}], "lastModified": "2021-06-16T00:41:13.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:manufacturing_execution:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23297FB8-B4A8-4E84-80EE-67907C249A70"}, {"criteria": "cpe:2.3:a:sap:manufacturing_execution:15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87614D9A-544B-42FE-9C58-5389E3716240"}, {"criteria": "cpe:2.3:a:sap:manufacturing_execution:15.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7FC9087-C677-4AD0-8A06-93FC19E06409"}, {"criteria": "cpe:2.3:a:sap:manufacturing_execution:15.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DF7662A-D692-450E-9BDD-82081B25BD17"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}