Skip links
RedRays - Your SAP Security Solution
Picture of Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

SAP Security on Udemy

Potential false redirection of content in NWBC, SAP security note 1628709

Description

NWBC can  be  used  for  phishing  attacks  by  allowing  an  attacker to  publish  a URL  purporting  to  be  from  the  product,  which redirects  the  victim  to  a  URL  chosen  by  the attacker. This enables an attacker to falsely gain the trust of a victim and elicit private data from them (such as authentication information).

Available fix and Supported packages

  • BC-WD-CLT-BUS | 3.0 | 3.0
  • BC-WD-CLT-BUS | 3.5 | 3.5
  • NWBC NW BUSINESS CLIENT 3.0 | SP000 | 000010

Affected component

    BC-FES-BUS-RUN
    Runtime

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1628709

TAGS

#Cross-domain-redirection
#NWBC
#NetWeaver-Business-Client

Explore More

SAP Security Advisory – CVE-2025-42890

November 12, 2025

Critical Hard-Coded Credentials Vulnerability in SQL Anywhere Monitor (Non-GUI) CVSS Score10.0 SeverityCRITICAL PriorityHotNews PublishedNov 11, 2025 🚨 Critical Alert IMMEDIATE ACTION REQUIRED:

SAP Security Patch Day RedRays

SAP security patches November 2025

November 12, 2025

SAP has released its November 2025 security patch package containing 20 security notes addressing critical vulnerabilities across enterprise SAP environments. This release