Reverse Tabnabbing vulnerability within SAP CRM WebClient UI, SAP security note 2994289

Description

Applications based on SAP CRM WebClient UI allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Well-known impacts of a Reverse Tabnabbing vulnerability include:

  • phishing attacks that steal the victim's credentials
  • redirecting users to untrusted webpages containing malware or similar malicious exploits
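
The following audit check is an added example, not part of the SAP note or of any SAP or RedRays code; it covers the general vulnerability class rather than the content of the SAP correction. The function names and the sample markup are assumptions made for illustration.

```javascript
// Parse the attributes of one start tag into a lower-cased name -> value map.
function parseAttributes(tagSource) {
  const attrs = Object.create(null);
  const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const body = tagSource.replace(/^<[a-zA-Z]+/, "").replace(/\/?>$/, "");
  let m;
  while ((m = attrRe.exec(body)) !== null) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? ""; // first wins
  }
  return attrs;
}

// Target keywords that stay in an existing browsing context.
const SAME_CONTEXT_TARGETS = new Set(["", "_self", "_parent", "_top"]);

// Return one finding per <a>, <area> or <form> that opens a new browsing
// context without rel="noopener" or rel="noreferrer". An explicit rel is the
// portable fix: older browsers do not imply noopener for target="_blank".
function findReverseTabnabbingRisks(html) {
  const findings = [];
  const tagRe = /<(a|area|form)\b(?:"[^"]*"|'[^']*'|[^'">])*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[0]);
    const target = (attrs.target || "").trim();
    if (SAME_CONTEXT_TARGETS.has(target.toLowerCase())) continue;
    const rel = (attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean);
    if (rel.includes("noopener") || rel.includes("noreferrer")) continue;
    findings.push({ tag: m[1].toLowerCase(), url: attrs.href || attrs.action || "", target });
  }
  return findings;
}

// Constructed sample markup, not taken from SAP CRM WebClient UI.
const SAMPLE_HTML = `
  <a href="https://partner.example/help" target="_blank">Help</a>
  <a href="https://partner.example/docs" target="_blank" rel="noopener noreferrer">Docs</a>
  <a href="/crm/home">Home</a>
  <a href='https://partner.example/report' target=reportWin rel="nofollow">Report</a>
  <form action="https://partner.example/submit" target="_blank"></form>
`;

for (const f of findReverseTabnabbingRisks(SAMPLE_HTML)) {
  console.log(`${f.tag} -> ${f.url} (target=${f.target}) lacks rel=noopener`);
}
```

Run against saved page output, each finding is a link or form to review and fix by adding rel="noopener noreferrer".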

Available fix and Supported packages

Software component | From release | To release

  • S4FND | 102 | 102
  • S4FND | 103 | 103
  • S4FND | 104 | 104
  • S4FND | 105 | 105
  • WEBCUIF | 700 | 700
  • WEBCUIF | 701 | 701
  • WEBCUIF | 731 | 731
  • WEBCUIF | 730 | 730
  • WEBCUIF | 746 | 746
  • WEBCUIF | 747 | 747
  • WEBCUIF | 748 | 748
  • WEBCUIF | 800 | 800
  • WEBCUIF | 801 | 801

Software component version | Support package

  • | SAPK-S4CLOUD_2105
  • S4FND 102 | SAPK-10208INS4FND
  • S4FND 103 | SAPK-10306INS4FND
  • S4FND 104 | SAPK-10404INS4FND
  • S4FND 105 | SAPK-10502INS4FND
  • WEBCUIF 747 | SAPK-74722INWEBCUIF
  • WEBCUIF 748 | SAPK-74816INWEBCUIF
  • WEBCUIF 800 | SAPK-80012INWEBCUIF
  • WEBCUIF 801 | SAPK-80110INWEBCUIF
  • WEBCUIF 700 | SAPK-70024INWEBCUIF
  • WEBCUIF 701 | SAPK-70121INWEBCUIF
  • WEBCUIF 730 | SAPK-73016INWEBCUIF
  • WEBCUIF 731 | SAPK-73128INWEBCUIF

Affected component

    CA-WUI-UI
    User Interface

CVSS

Score: 4.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2994289

TAGS

#Reverse-Tabnabbing
#SAP-CRM-WebClient-UI
