Skip links
RedRays - Your SAP Security Solution
Picture of Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

SAP Security on Udemy

Potential false redirection of content in NWBC, SAP security note 1628709

Description

NWBC can  be  used  for  phishing  attacks  by  allowing  an  attacker to  publish  a URL  purporting  to  be  from  the  product,  which redirects  the  victim  to  a  URL  chosen  by  the attacker. This enables an attacker to falsely gain the trust of a victim and elicit private data from them (such as authentication information).

Available fix and Supported packages

  • BC-WD-CLT-BUS | 3.0 | 3.0
  • BC-WD-CLT-BUS | 3.5 | 3.5
  • NWBC NW BUSINESS CLIENT 3.0 | SP000 | 000010

Affected component

    BC-FES-BUS-RUN
    Runtime

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1628709

TAGS

#Cross-domain-redirection
#NWBC
#NetWeaver-Business-Client

Explore More

SAP Security Patch Day – September 2025

September 9, 2025

SAP has released its September 2025 security patch package containing 26 security notes addressing critical vulnerabilities across enterprise SAP environments. This release

SAP Security Patch Day – August 2025

August 12, 2025

SAP has released its August 2025 security patch package containing 19 security notes addressing critical vulnerabilities across enterprise SAP environments. This release