SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html | |
| http://seclists.org/fulldisclosure/2023/Oct/13 | |
| https://launchpad.support.sap.com/#/notes/2872782 | Permissions Required Vendor Advisory |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-04-14 20:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-6215
Mitre link : CVE-2020-6215
CVE.ORG link : CVE-2020-6215
JSON object : View
Products Affected
sap
- netweaver_as_abap_business_server_pages
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')