Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sap Subscribe
Filtered by product Contact Center
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33672 1 Sap 1 Contact Center 2021-09-24 9.3 HIGH 9.6 CRITICAL
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands in the chat recipient's scope. This could lead to a complete compromise of their confidentiality, integrity, and could temporarily impact their availability.
CVE-2021-33673 1 Sap 1 Contact Center 2021-09-24 4.3 MEDIUM 6.1 MEDIUM
Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code on the victim's browser. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands.
CVE-2021-33674 1 Sap 1 Contact Center 2021-09-24 4.3 MEDIUM 6.1 MEDIUM
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser.
CVE-2021-33675 1 Sap 1 Contact Center 2021-09-24 4.3 MEDIUM 6.1 MEDIUM
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim's browser.