Description
Applications based on SAP GUI for HTML allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Well-known impacts of a Reverse Tabnabbing vulnerability include:
- phishing attacks
- redirection of users to untrusted webpages containing malware or similar malicious exploits
Available fix and Supported packages
- KRNL64NUC | 7.22 | 7.22
- KRNL64NUC | 7.22EXT | 7.22EXT
- KRNL64NUC | 7.49 | 7.49
- KRNL64UC | 7.22 | 7.22
- KRNL64UC | 7.22EXT | 7.22EXT
- KRNL64UC | 7.49 | 7.49
- KRNL64UC | 7.53 | 7.53
- KRNL64UC | 7.73 | 7.73
- KERNEL | 7.22 | 7.22
- KERNEL | 7.49 | 7.49
- KERNEL | 7.53 | 7.53
- KERNEL | 7.73 | 7.73
- KERNEL | 7.77 | 7.77
- KERNEL | 7.81 | 7.81
- SAP KERNEL 7.22 64-BIT | SP1016 | 001016
- SAP KERNEL 7.22 64-BIT | SP1018 | 001018
- SAP KERNEL 7.22 64-BIT UNICODE | SP1016 | 001016
- SAP KERNEL 7.22 64-BIT UNICODE | SP1018 | 001018
- SAP KERNEL 7.22 EXT 64-BIT | SP1016 | 001016
- SAP KERNEL 7.22 EXT 64-BIT | SP1018 | 001018
- SAP KERNEL 7.22 EXT 64-BIT UC | SP1016 | 001016
- SAP KERNEL 7.22 EXT 64-BIT UC | SP1018 | 001018
- SAP KERNEL 7.22_EX2 64-BIT | SP1016 | 001016
- SAP KERNEL 7.22_EX2 64-BIT | SP1018 | 001018
- SAP KERNEL 7.22_EX2 64-BIT UC | SP1016 | 001016
- SAP KERNEL 7.22_EX2 64-BIT UC | SP1018 | 001018
- SAP KERNEL 7.49 64-BIT | SP928 | 000928
- SAP KERNEL 7.49 64-BIT | SP932 | 000932
- SAP KERNEL 7.49 64-BIT UNICODE | SP928 | 000928
- SAP KERNEL 7.49 64-BIT UNICODE | SP932 | 000932
- SAP KERNEL 7.53 64-BIT | SP714 | 000714
- SAP KERNEL 7.53 64-BIT | SP718 | 000718
- SAP KERNEL 7.53 64-BIT UNICODE | SP714 | 000714
- SAP KERNEL 7.53 64-BIT UNICODE | SP718 | 000718
Affected component
- BC-FES-ITS (SAP Internet Transaction Server)
CVSS
Score: 4.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2973428