Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

URL Redirection vulnerability in URL and Generic iView, SAP security note 2323727

Description

URL and Generic iViews allow an attacker to redirect users to a malicious site due to insufficient URL validation.

Some well-known impacts of URL Redirection vulnerability are –

  • phishing attacks to steal credentials of the victim    
  • redirect users to untrusted webpages containing malware or similar malicious exploits          

Available fix and Supported packages

  • EP-PSERV | 7.00 | 7.02
  • EP-RUNTIME | 7.10 | 7.11
  • EP-RUNTIME | 7.20 | 7.20
  • EP-RUNTIME | 7.30 | 7.30
  • EP-RUNTIME | 7.31 | 7.31
  • EP-RUNTIME | 7.40 | 7.40
  • EP-RUNTIME | 7.50 | 7.50
  • EP-ADMIN | 7.10 | 7.11
  • EP-ADMIN | 7.20 | 7.20
  • EP-ADMIN | 7.30 | 7.30
  • EP-ADMIN | 7.31 | 7.31
  • EP-ADMIN | 7.40 | 7.40
  • EP-ADMIN | 7.50 | 7.50
  • EP ADMINISTRATION 7.10 | SP021 | 000003
  • EP ADMINISTRATION 7.10 | SP022 | 000000
  • EP ADMINISTRATION 7.11 | SP016 | 000003
  • EP ADMINISTRATION 7.11 | SP017 | 000000
  • EP ADMINISTRATION 7.20 | SP009 | 000008
  • EP ADMINISTRATION 7.30 | SP015 | 000005
  • EP ADMINISTRATION 7.30 | SP016 | 000004
  • EP ADMINISTRATION 7.30 | SP017 | 000000
  • EP ADMINISTRATION 7.31 | SP015 | 000006
  • EP ADMINISTRATION 7.31 | SP016 | 000008
  • EP ADMINISTRATION 7.31 | SP017 | 000008
  • EP ADMINISTRATION 7.31 | SP018 | 000006
  • EP ADMINISTRATION 7.31 | SP019 | 000002
  • EP ADMINISTRATION 7.31 | SP020 | 000000
  • EP ADMINISTRATION 7.40 | SP010 | 000006
  • EP ADMINISTRATION 7.40 | SP011 | 000008
  • EP ADMINISTRATION 7.40 | SP012 | 000008
  • EP ADMINISTRATION 7.40 | SP013 | 000006
  • EP ADMINISTRATION 7.40 | SP014 | 000003
  • EP ADMINISTRATION 7.40 | SP015 | 000000

Affected component

    EP-PIN-URL
    HTTP Connectivity

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2323727

TAGS

#Open-redirect
#cross-site-redirect
#cross-domain-redirect

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,