SAP NetWeaver K.M. Web Page Composer URI Redirection Vulnerability

SAP NetWeaver is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.

Information

Bugtraq ID: 100177
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Aug 08 2017 12:00AM
Updated: Aug 08 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: SAP NetWeaver 0

Not Vulnerable:

Exploit

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

References:

SAP NetWeaver - Homepage (SAP)
SAP Security Note 2394536 (SAP)
SAP Security Patch Day â?? August 2017 (SAP)

Source: www.securityfocus.com

Exploit Collector

Search Exploit