Skip links
RedRays
Published in: sap note

Reverse Tabnabbing vulnerability within SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), SAP security note 2973428

Author
Published on:

Description

Applications based on SAP GUI for HTML allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

Some well-known impacts of Reverse Tabnabbing vulnerability are –

  • phishing attacks
  • redirect users to untrusted webpages containing malware or similar malicious exploits  

Available fix and Supported packages

  • KRNL64NUC | 7.22 | 7.22
  • KRNL64NUC | 7.22EXT | 7.22EXT
  • KRNL64NUC | 7.49 | 7.49
  • KRNL64UC | 7.22 | 7.22
  • KRNL64UC | 7.22EXT | 7.22EXT
  • KRNL64UC | 7.49 | 7.49
  • KRNL64UC | 7.53 | 7.53
  • KRNL64UC | 7.73 | 7.73
  • KERNEL | 7.22 | 7.22
  • KERNEL | 7.49 | 7.49
  • KERNEL | 7.53 | 7.53
  • KERNEL | 7.73 | 7.73
  • KERNEL | 7.77 | 7.77
  • KERNEL | 7.81 | 7.81
  • SAP KERNEL 7.22 64-BIT | SP1016 | 001016
  • SAP KERNEL 7.22 64-BIT | SP1018 | 001018
  • SAP KERNEL 7.22 64-BIT UNICODE | SP1016 | 001016
  • SAP KERNEL 7.22 64-BIT UNICODE | SP1018 | 001018
  • SAP KERNEL 7.22 EXT 64-BIT | SP1016 | 001016
  • SAP KERNEL 7.22 EXT 64-BIT | SP1018 | 001018
  • SAP KERNEL 7.22 EXT 64-BIT UC | SP1016 | 001016
  • SAP KERNEL 7.22 EXT 64-BIT UC | SP1018 | 001018
  • SAP KERNEL 7.22_EX2 64-BIT | SP1016 | 001016
  • SAP KERNEL 7.22_EX2 64-BIT | SP1018 | 001018
  • SAP KERNEL 7.22_EX2 64-BIT UC | SP1016 | 001016
  • SAP KERNEL 7.22_EX2 64-BIT UC | SP1018 | 001018
  • SAP KERNEL 7.49 64-BIT | SP928 | 000928
  • SAP KERNEL 7.49 64-BIT | SP932 | 000932
  • SAP KERNEL 7.49 64-BIT UNICODE | SP928 | 000928
  • SAP KERNEL 7.49 64-BIT UNICODE | SP932 | 000932
  • SAP KERNEL 7.53 64-BIT | SP714 | 000714
  • SAP KERNEL 7.53 64-BIT | SP718 | 000718
  • SAP KERNEL 7.53 64-BIT UNICODE | SP714 | 000714
  • SAP KERNEL 7.53 64-BIT UNICODE | SP718 | 000718

Affected component

    BC-FES-ITS
    SAP Internet Transaction Server

CVSS

Score: 4.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2973428

TAGS

#SAP-ITS–SAP-integrated-ITS–internal-ITS–webgui–SAP-GUI-for-HTML–Reverse-Tabnabbing

You may also like