Vahagn Vardanian

Co-founder and CTO of RedRays

Potential false redirection of content in NWBC, SAP security note 1628709

Description

NWBC can be used for phishing attacks by allowing an attacker to publish a URL purporting to be from the product, which redirects the victim to a URL chosen by the attacker. This enables an attacker to falsely gain the trust of a victim and elicit private data from them (such as authentication information).

Available fix and Supported packages

  • BC-WD-CLT-BUS | 3.0 | 3.0
  • BC-WD-CLT-BUS | 3.5 | 3.5
  • NWBC NW BUSINESS CLIENT 3.0 | SP000 | 000010

Affected component

    BC-FES-BUS-RUN
    Runtime

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1628709

TAGS

#Cross-domain-redirection
#NWBC
#NetWeaver-Business-Client
