Potential false redirection of content in NWBC, SAP security note 1628709

Description

NWBC can be used for phishing attacks by allowing an attacker to publish a URL purporting to be from the product, which redirects the victim to a URL chosen by the attacker. This enables an attacker to falsely gain the trust of a victim and elicit private data from them (such as authentication information).

Available fix and Supported packages

BC-WD-CLT-BUS | 3.0 | 3.0
BC-WD-CLT-BUS | 3.5 | 3.5
NWBC NW BUSINESS CLIENT 3.0 | SP000 | 000010

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1628709

Vahagn Vardanian

Potential false redirection of content in NWBC, SAP security note 1628709

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Cross-domain-redirection
#NWBC
#NetWeaver-Business-Client

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Vahagn Vardanian

Potential false redirection of content in NWBC, SAP security note 1628709

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Cross-domain-redirection#NWBC#NetWeaver-Business-Client

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Special offer for SAP Security Udemy course!

$ 9.99

#Cross-domain-redirection
#NWBC
#NetWeaver-Business-Client