Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

CVE-2021-21478 Reverse Tabnabbing vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), SAP security note 2974582

Description

Applications based on SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Some well-known impacts of the Reverse Tabnabbing vulnerability are:

  • Phishing attacks
  • Redirect users to untrusted webpages containing malware or similar malicious exploits.

Available fix and Supported packages

  • SAP_UI | 750 | 750
  • SAP_UI | 752 | 752
  • SAP_UI | 753 | 753
  • SAP_UI | 754 | 754
  • SAP_UI | 755 | 755
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 731 | 731
  • SAP_BASIS | 804 | 804
  • SAP_UI 753 | SAPK-75309INSAPUI |
  • SAP_UI 754 | SAPK-75406INSAPUI |
  • SAP_UI 755 | SAPK-75502INSAPUI |
  • SAP_BASIS 700 | SAPKB70039 |
  • SAP_BASIS 701 | SAPKB70124 |
  • SAP_BASIS 702 | SAPKB70224 |
  • SAP_BASIS 731 | SAPKB73129 |
  • SAP_BASIS 804 | SAPK-804I3INSAPBASIS |

Affected component

    BC-WD-ABA
    Web Dynpro ABAP

CVSS

Score: 4.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2974582

TAGS

#Reverse-Tabnabbing
#Reverse-Tab-Nabbing
#Web-Dynpro-ABAP
#WDA
#security
#link
#hyperlink
#noopener
#noreferrer
#CVE-2021-21478

Explore More

RedRays AI for ABAP Code Security

Empowering Secure, Efficient, and Compliant SAP ABAP Development—in Real Time and Without Data Retention In today’s rapidly evolving business landscape, organizations increasingly

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.