
Potential false redirection of content in NWBC, SAP security note 1628709

Description

NWBC can be used for phishing attacks by allowing an attacker to publish a URL purporting to be from the product, which redirects the victim to a URL chosen by the attacker. This enables an attacker to falsely gain the trust of a victim and elicit private data from them (such as authentication information).

Available fix and Supported packages

  • BC-WD-CLT-BUS | 3.0 | 3.0
  • BC-WD-CLT-BUS | 3.5 | 3.5
  • NWBC NW BUSINESS CLIENT 3.0 | SP000 | 000010

Affected component

    BC-FES-BUS-RUN
    Runtime

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1628709

TAGS

#Cross-domain-redirection
#NWBC
#NetWeaver-Business-Client
