Skip links

CVE-2021-21478 Reverse Tabnabbing vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), SAP security note 2974582

Description

Applications based on SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Some well-known impacts of the Reverse Tabnabbing vulnerability are:

  • Phishing attacks
  • Redirect users to untrusted webpages containing malware or similar malicious exploits.

Available fix and Supported packages

  • SAP_UI | 750 | 750
  • SAP_UI | 752 | 752
  • SAP_UI | 753 | 753
  • SAP_UI | 754 | 754
  • SAP_UI | 755 | 755
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 731 | 731
  • SAP_BASIS | 804 | 804
  • SAP_UI 753 | SAPK-75309INSAPUI |
  • SAP_UI 754 | SAPK-75406INSAPUI |
  • SAP_UI 755 | SAPK-75502INSAPUI |
  • SAP_BASIS 700 | SAPKB70039 |
  • SAP_BASIS 701 | SAPKB70124 |
  • SAP_BASIS 702 | SAPKB70224 |
  • SAP_BASIS 731 | SAPKB73129 |
  • SAP_BASIS 804 | SAPK-804I3INSAPBASIS |

Affected component

    BC-WD-ABA
    Web Dynpro ABAP

CVSS

Score: 4.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2974582

TAGS

#Reverse-Tabnabbing
#Reverse-Tab-Nabbing
#Web-Dynpro-ABAP
#WDA
#security
#link
#hyperlink
#noopener
#noreferrer
#CVE-2021-21478

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies