Description
Applications based on SAP CRM WebClient UI allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Well-known impacts of a Reverse Tabnabbing vulnerability include:
- Phishing attacks to steal the victim's credentials
- Redirecting users to untrusted webpages containing malware or similar malicious exploits
Available fix and Supported packages
- S4FND | 102 | 102
- S4FND | 103 | 103
- S4FND | 104 | 104
- S4FND | 105 | 105
- WEBCUIF | 700 | 700
- WEBCUIF | 701 | 701
- WEBCUIF | 731 | 731
- WEBCUIF | 730 | 730
- WEBCUIF | 746 | 746
- WEBCUIF | 747 | 747
- WEBCUIF | 748 | 748
- WEBCUIF | 800 | 800
- WEBCUIF | 801 | 801
- | SAPK-S4CLOUD_2105 |
- S4FND 102 | SAPK-10208INS4FND |
- S4FND 103 | SAPK-10306INS4FND |
- S4FND 104 | SAPK-10404INS4FND |
- S4FND 105 | SAPK-10502INS4FND |
- WEBCUIF 747 | SAPK-74722INWEBCUIF |
- WEBCUIF 748 | SAPK-74816INWEBCUIF |
- WEBCUIF 800 | SAPK-80012INWEBCUIF |
- WEBCUIF 801 | SAPK-80110INWEBCUIF |
- WEBCUIF 700 | SAPK-70024INWEBCUIF |
- WEBCUIF 701 | SAPK-70121INWEBCUIF |
- WEBCUIF 730 | SAPK-73016INWEBCUIF |
- WEBCUIF 731 | SAPK-73128INWEBCUIF |
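A patch-level check built from the two lists above, as an added example that is not part of the original advisory or of SAP's tooling. It assumes the first list reads component | from release | to release and that support package names follow the `SAPK-<release><level>IN<component>` pattern visible above; the sample inventory is constructed.

```python
import re

# Fix support packages exactly as listed in the advisory above.
# SAPK-S4CLOUD_2105 is left out: the page lists it without a component.
FIX_PACKAGES = [
    "SAPK-10208INS4FND", "SAPK-10306INS4FND", "SAPK-10404INS4FND",
    "SAPK-10502INS4FND", "SAPK-70024INWEBCUIF", "SAPK-70121INWEBCUIF",
    "SAPK-73016INWEBCUIF", "SAPK-73128INWEBCUIF", "SAPK-74722INWEBCUIF",
    "SAPK-74816INWEBCUIF", "SAPK-80012INWEBCUIF", "SAPK-80110INWEBCUIF",
]
# Releases the advisory lists as affected (first list above).
AFFECTED = {
    "S4FND": {"102", "103", "104", "105"},
    "WEBCUIF": {"700", "701", "730", "731", "746", "747", "748", "800", "801"},
}
# Assumed naming pattern: SAPK-<3-digit release><2-digit level>IN<component>
SP_NAME = re.compile(r"^SAPK-(\d{3})(\d{2})IN([A-Z0-9_]+)$")

def parse_sp(name):
    """Split 'SAPK-74722INWEBCUIF' into (component, release, sp_level)."""
    m = SP_NAME.match(name.strip().upper())
    if not m:
        raise ValueError(f"unrecognised support package name: {name!r}")
    release, level, component = m.groups()
    return component, release, int(level)

# (component, release) -> lowest support package level that carries the fix
FIX_LEVEL = {(c, r): lvl for c, r, lvl in map(parse_sp, FIX_PACKAGES)}

def assess(component, release, installed_sp_level):
    """Classify one installed software component against the advisory."""
    component = component.upper()
    if release not in AFFECTED.get(component, set()):
        return "not listed as affected"
    required = FIX_LEVEL.get((component, release))
    if required is None:  # e.g. WEBCUIF 746: affected, but no package listed
        return "affected, no fix support package listed"
    if installed_sp_level >= required:
        return "fix support package installed"
    return f"below fix support package: needs SP {required:02d}"

# Constructed sample inventory: (component, release, installed SP level).
SAMPLE = [("WEBCUIF", "747", 20), ("WEBCUIF", "801", 10),
          ("WEBCUIF", "746", 5), ("S4FND", "102", 8), ("SAP_BASIS", "750", 12)]

def report(inventory):
    """Map 'COMPONENT RELEASE' to its assessment for each inventory row."""
    return {f"{c} {r}": assess(c, r, lvl) for c, r, lvl in inventory}
```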
Affected component
- CA-WUI-UI (User Interface)
CVSS
Score: 4.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2994289