Skip links

Potential false redirection of web site content in B2B 0CI, SAP security note 1487217

Description

One Step Business Scenario (SRM) can be used to aid in phishing attacks by allowing a malicious user to publish a URL purporting to be from the product, only to redirect the user to a URL of their own choosing.  This can enable a malicious user to falsely gain the trust of a victim to elicit private data from that user, such as authentication information.

Available fix and Supported packages

  • SAP-CRMJAV | 5.0 | 5.0
  • SAP-CRMJAV | 5.2 | 5.2
  • SAP-CRMJAV | 6.0 | 6.0
  • SAP-CRMJAV | 700 | 700
  • SAP-CRMJAV | 701 | 701
  • SAP-CRMWEB | 5.0 | 5.0
  • SAP-CRMWEB | 5.2 | 5.2
  • SAP-CRMWEB | 6.0 | 6.0
  • SAP-CRMWEB | 700 | 700
  • SAP-CRMWEB | 701 | 701
  • SAP-SHRWEB | 5.0 | 5.0
  • SAP-SHRWEB | 5.2 | 5.2
  • SAP-SHRWEB | 6.0 | 6.0
  • SAP-SHRWEB | 700 | 700
  • SAP-SHRWEB | 701 | 701
  • SAP-SHRJAV | 5.0 | 5.0
  • SAP-SHRJAV | 5.2 | 5.2
  • SAP-SHRJAV | 6.0 | 6.0
  • SAP-SHRJAV | 700 | 700
  • SAP-SHRJAV | 701 | 701
  • CRM JAVA APPLICATIONS 5.0 | SP016 | 000017
  • CRM JAVA APPLICATIONS 5.2 | SP009 | 000015
  • CRM JAVA APPLICATIONS 6.0 | SP006 | 000017
  • CRM JAVA APPLICATIONS 7.0 | SP006 | 000016
  • CRM JAVA COMPONENTS 5.0 | SP016 | 000017
  • CRM JAVA COMPONENTS 5.2 | SP009 | 000015
  • CRM JAVA COMPONENTS 6.0 | SP006 | 000017
  • CRM JAVA COMPONENTS 7.0 | SP006 | 000016
  • CRM JAVA WEB COMPONENTS 5.0 | SP016 | 000017
  • CRM JAVA WEB COMPONENTS 5.2 | SP009 | 000015
  • CRM JAVA WEB COMPONENTS 6.0 | SP006 | 000017
  • CRM JAVA WEB COMPONENTS 7.0 | SP006 | 000016
  • SAP SHARED JAVA APPLIC. 5.0 | SP016 | 000017
  • SAP SHARED JAVA APPLIC. 5.2 | SP009 | 000015
  • SAP SHARED JAVA APPLIC. 6.0 | SP006 | 000017
  • SAP SHARED JAVA APPLIC. 7.0 | SP006 | 000016
  • SAP SHARED JAVA COMPONENTS 5.0 | SP016 | 000017
  • SAP SHARED JAVA COMPONENTS 5.2 | SP009 | 000015
  • SAP SHARED JAVA COMPONENTS 6.0 | SP006 | 000017
  • SAP SHARED JAVA COMPONENTS 7.0 | SP006 | 000016

Affected component

    CRM-ISA-BBS
    Business-to-Business Sales

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1487217

TAGS

#Internet-sales
#B2B
#security
#OCI-One-Step-Business–cross-domain-redirection

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies

SAP Security Patch Day RedRays

May 2024 SAP Security Patch Day

Vulnerability: Multiple vulnerabilities in SAP CX Commerce SAP Component: CEC-SCC-PLA-PL CVE ID: CVE-2019-17495 CVSS Score: 9.8 CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Category: Program error