CVE-2024-21734

Name of the Vulnerable Software and Affected Versions SAP Marketing (Contacts App) version 160

Description The issue is related to a URL redirection vulnerability in the Contacts App component of the SAP Marketing system, which can be exploited by a remote attacker to conduct a phishing attack. This could potentially lead to the disclosure of protected information through a specially crafted malicious link. The vulnerability allows an attacker with low privileges to trick a user into opening a malicious page, resulting in a convincing phishing attack with low impact on the confidentiality and integrity of the application.

Recommendations For SAP Marketing (Contacts App) version 160, consider restricting access to the vulnerable component to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using links from untrusted sources to prevent potential phishing attacks.