UPDATE 26th January 2021: We made a few minor textual changes to the note. No changes were made that require customer action.
UPDATE 14th January 2020: This note has been re-released with updated “Manual Pre-Implementation Steps” step 6 and “Manual Post-Implementation Steps” step 3 (in releases where available).
The UI5 HTTP Handler allows an attacker to manipulate content due to insufficient URL validation. Some well-known impacts of the vulnerability are:
- phishing attacks to steal credentials of the victim
- redirecting users to untrusted webpages containing malware or similar malicious exploits
- providing false information to the victim
Available fix and Supported packages
- SAP_UI | 750 | 750
- SAP_UI | 751 | 751
- SAP_UI | 752 | 752
- SAP_UI | 753 | 753
- SAP_UI | 754 | 754
- UI_700 | 200 | 200
- SAP_UI 750 | SAPK-75016INSAPUI |
- SAP_UI 753 | SAPK-75305INSAPUI |
- SAP_UI 754 | SAPK-75401INSAPUI |
- SAP_UI 751 | SAPK-75112INSAPUI |
- SAP_UI 752 | SAPK-75209INSAPUI |
- UI_700 200 | SAPK-20016INUI700 |
UI5 ABAP delivery tools
Exploit is not available.
For detailed information, please contact s[email protected]