PT-2020-19138 · SAP · SAP NetWeaver AS Java

Published: 2020-10-15 · Updated: 2021-04-12 · CVE-2020-6365

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java versions 7.10 through 7.50

Description: The issue allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. This could be used to execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware.

Recommendations: For SAP NetWeaver AS Java versions 7.10 through 7.50, update the Start Page component to include proper reverse tabnabbing URL validation to prevent malicious redirects.

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2020-6365

Affected Products

SAP NetWeaver AS Java