Potential false redirection of content in NWBC, SAP security note 1628709

Description

NWBC can be used for phishing attacks by allowing an attacker to publish a URL purporting to be from the product, which redirects the victim to a URL chosen by the attacker. This enables an attacker to falsely gain the trust of a victim and elicit private data from them (such as authentication information).

Available fix and Supported packages

BC-WD-CLT-BUS | 3.0 | 3.0
BC-WD-CLT-BUS | 3.5 | 3.5
NWBC NW BUSINESS CLIENT 3.0 | SP000 | 000010

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1628709

Vahagn Vardanian

Potential false redirection of content in NWBC, SAP security note 1628709

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Cross-domain-redirection
#NWBC
#NetWeaver-Business-Client

Explore More

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

Vahagn Vardanian

Potential false redirection of content in NWBC, SAP security note 1628709

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Cross-domain-redirection#NWBC#NetWeaver-Business-Client

Explore More

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

Special offer for SAP Security Udemy course!

$ 9.99

#Cross-domain-redirection
#NWBC
#NetWeaver-Business-Client