First published: Tue Feb 09 2021
SAP Business Objects BI Platform, versions 410, 420 and 430, allows multiple X-Frame-Options header entries in the response headers, which may not be treated predictably by all user agents. This can nullify the added X-Frame-Options header, leading to a Clickjacking attack.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP BusinessObjects Business Intelligence | =410 | |
| SAP BusinessObjects Business Intelligence | =420 | |
| SAP BusinessObjects Business Intelligence | =430 | |
CVE-2021-21444 is a vulnerability in SAP Business Objects BI Platform versions 410, 420, and 430 that allows multiple X-Frame-Options header entries in the response headers, potentially leading to a Clickjacking attack.
CVE-2021-21444 has a medium severity rating, with a base score of 6.1 under the Common Vulnerability Scoring System (CVSS).
CVE-2021-21444 affects SAP Business Objects BI Platform versions 410, 420, and 430 by allowing multiple X-Frame-Options header entries in the response headers; because user agents do not treat duplicate entries consistently, the added X-Frame-Options header may be nullified, enabling Clickjacking attacks.
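As an added detection example (not code from SAP or SecAlerts), the following Python parses a raw HTTP response head, flags the duplicate X-Frame-Options condition described above, and shows how an edge proxy could collapse the entries to a single strict value; the sample responses are constructed.

```python
from collections import defaultdict

VALID_XFO = ("DENY", "SAMEORIGIN")

def parse_headers(raw_response: str) -> dict:
    """Map lower-cased header name -> list of values, keeping every duplicate."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = defaultdict(list)
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()].append(value.strip())
    return headers

def check_frame_protection(raw_response: str) -> dict:
    """Report whether anti-framing headers are present, single and well-formed."""
    headers = parse_headers(raw_response)
    # A proxy may also fold two entries into one comma-joined value; split those too.
    xfo = [v.strip().upper() for entry in headers.get("x-frame-options", [])
           for v in entry.split(",")]
    csp = " ".join(headers.get("content-security-policy", [])).lower()
    has_frame_ancestors = "frame-ancestors" in csp
    findings = []
    if len(xfo) > 1:
        findings.append("multiple X-Frame-Options entries (user-agent dependent)")
    for value in xfo:
        if value not in VALID_XFO and not value.startswith("ALLOW-FROM"):
            findings.append(f"unrecognised X-Frame-Options value: {value!r}")
    # CSP frame-ancestors takes precedence in browsers that support it.
    protected = has_frame_ancestors or (len(xfo) == 1 and not findings)
    return {"protected": protected, "xfo": xfo,
            "csp_frame_ancestors": has_frame_ancestors, "findings": findings}

def collapse_xfo(values: list) -> str:
    """Mitigation for an edge proxy: emit one header carrying the strictest value seen."""
    upper = [v.strip().upper() for entry in values for v in entry.split(",")]
    return "DENY" if "DENY" in upper else "SAMEORIGIN"

# Constructed sample: the duplicate-header condition this advisory describes.
DUPLICATE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Frame-Options: DENY\r\n"
    "\r\n<html></html>"
)
# Constructed sample: a single, well-formed header.
SINGLE_RESPONSE = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n"

if __name__ == "__main__":
    print(check_frame_protection(DUPLICATE_RESPONSE))
```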
To fix CVE-2021-21444 in SAP Business Objects BI Platform, update to the latest version provided by SAP and follow the recommendations provided in their security advisory.
You can find more information about CVE-2021-21444 in the SAP support portal: [SAP Note 2935791](https://launchpad.support.sap.com/#/notes/2935791) and the [SAP Community Network (SCN) wiki](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543).