SAP NetWeaver K.M. Web Page Composer URI Redirection Vulnerability



SAP NetWeaver is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.

Information

Bugtraq ID: 100177
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Aug 08 2017 12:00AM
Updated: Aug 08 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: SAP NetWeaver 0


Not Vulnerable:

Exploit


An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.


Related Posts

Comments