Spoofing Vulnerability in SAP Business Connector Core
CVE-2006-0731

Currently unrated

Key Information:

Vendor: SAP
Status: Business Connector
Vendor: CVE Published:; 16 February 2006

What is CVE-2006-0731?

The SAP Business Connector Core contains a vulnerability that allows remote attackers to conduct spoofing attacks. Specifically, the issue lies in the WmRoot/adapter-index.dsp component, where an attacker can exploit the url parameter to insert an absolute URL. This enables attackers to load untrusted external sites within a frame, potentially leading users to believe they are interacting with legitimate content. Users of affected versions should take precautions to mitigate the risk of phishing and other malicious activities.

References

http://secunia.com/advisories/18880

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/434012/30/4980/thr...

mailing-listx_refsource_BUGTRAQ

http://securitytracker.com/id?1015639

vdb-entryx_refsource_SECTRACK

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 16, 2006
Vulnerability Reserved
Feb 16, 2006