CVE-2020-6365

SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:netweaver_application_server_java:7.10:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*

History

21 Nov 2024, 05:35

Type Values Removed Values Added
References () https://launchpad.support.sap.com/#/notes/2969828 - Permissions Required, Vendor Advisory () https://launchpad.support.sap.com/#/notes/2969828 - Permissions Required, Vendor Advisory
References () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 - Vendor Advisory () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 - Vendor Advisory

Information

Published : 2020-10-15 03:15

Updated : 2024-11-21 05:35


NVD link : CVE-2020-6365

Mitre link : CVE-2020-6365

CVE.ORG link : CVE-2020-6365


JSON object : View

Products Affected

sap

  • netweaver_application_server_java
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')