CVE-2022-41273

Name of the Vulnerable Software and Affected Versions SAP Sourcing and SAP Contract Lifecycle Management version 1100

Description The issue arises from improper input sanitization, allowing an attacker to redirect a user to a malicious website. The attack is performed by sending an email with a manipulated link that appears legitimate, prompting the victim to click on it, log in to SAP Sourcing and CLM, and subsequently get redirected to a malicious website.

Recommendations For SAP Sourcing and SAP Contract Lifecycle Management version 1100, consider implementing proper input sanitization to prevent malicious redirects. As a temporary workaround, restrict access to potentially vulnerable links and educate users about the risks of clicking on unfamiliar links. At the moment, there is no information about a newer version that contains a fix for this vulnerability.