Description
URL and Generic iViews allow an attacker to redirect users to a malicious site due to insufficient URL validation.
Well-known impacts of a URL redirection vulnerability include:
- phishing attacks to steal the victim's credentials
- redirection of users to untrusted web pages containing malware or similar malicious exploits
Available fix and Supported packages
- EP-PSERV | 7.00 | 7.02
- EP-RUNTIME | 7.10 | 7.11
- EP-RUNTIME | 7.20 | 7.20
- EP-RUNTIME | 7.30 | 7.30
- EP-RUNTIME | 7.31 | 7.31
- EP-RUNTIME | 7.40 | 7.40
- EP-RUNTIME | 7.50 | 7.50
- EP-ADMIN | 7.10 | 7.11
- EP-ADMIN | 7.20 | 7.20
- EP-ADMIN | 7.30 | 7.30
- EP-ADMIN | 7.31 | 7.31
- EP-ADMIN | 7.40 | 7.40
- EP-ADMIN | 7.50 | 7.50
- EP ADMINISTRATION 7.10 | SP021 | 000003
- EP ADMINISTRATION 7.10 | SP022 | 000000
- EP ADMINISTRATION 7.11 | SP016 | 000003
- EP ADMINISTRATION 7.11 | SP017 | 000000
- EP ADMINISTRATION 7.20 | SP009 | 000008
- EP ADMINISTRATION 7.30 | SP015 | 000005
- EP ADMINISTRATION 7.30 | SP016 | 000004
- EP ADMINISTRATION 7.30 | SP017 | 000000
- EP ADMINISTRATION 7.31 | SP015 | 000006
- EP ADMINISTRATION 7.31 | SP016 | 000008
- EP ADMINISTRATION 7.31 | SP017 | 000008
- EP ADMINISTRATION 7.31 | SP018 | 000006
- EP ADMINISTRATION 7.31 | SP019 | 000002
- EP ADMINISTRATION 7.31 | SP020 | 000000
- EP ADMINISTRATION 7.40 | SP010 | 000006
- EP ADMINISTRATION 7.40 | SP011 | 000008
- EP ADMINISTRATION 7.40 | SP012 | 000008
- EP ADMINISTRATION 7.40 | SP013 | 000006
- EP ADMINISTRATION 7.40 | SP014 | 000003
- EP ADMINISTRATION 7.40 | SP015 | 000000
Affected component
- EP-PIN-URL
HTTP Connectivity
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2323727