Skip links

CVE-2021-21478 Reverse Tabnabbing vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), SAP security note 2974582

Description

Applications based on SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Some well-known impacts of the Reverse Tabnabbing vulnerability are:

  • Phishing attacks
  • Redirect users to untrusted webpages containing malware or similar malicious exploits.

Available fix and Supported packages

  • SAP_UI | 750 | 750
  • SAP_UI | 752 | 752
  • SAP_UI | 753 | 753
  • SAP_UI | 754 | 754
  • SAP_UI | 755 | 755
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 731 | 731
  • SAP_BASIS | 804 | 804
  • SAP_UI 753 | SAPK-75309INSAPUI |
  • SAP_UI 754 | SAPK-75406INSAPUI |
  • SAP_UI 755 | SAPK-75502INSAPUI |
  • SAP_BASIS 700 | SAPKB70039 |
  • SAP_BASIS 701 | SAPKB70124 |
  • SAP_BASIS 702 | SAPKB70224 |
  • SAP_BASIS 731 | SAPKB73129 |
  • SAP_BASIS 804 | SAPK-804I3INSAPBASIS |

Affected component

    BC-WD-ABA
    Web Dynpro ABAP

CVSS

Score: 4.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2974582

TAGS

#Reverse-Tabnabbing
#Reverse-Tab-Nabbing
#Web-Dynpro-ABAP
#WDA
#security
#link
#hyperlink
#noopener
#noreferrer
#CVE-2021-21478