Open Redirect Vulnerability in SAP Supplier Relationship Management
CVE-2014-4159

Currently unrated

Key Information:

Vendor: SAP
CVE Published: 13 June 2014

Summary

An open redirect vulnerability exists in the la/umTestSSO.jsp file of SAP Supplier Relationship Management (SRM) and could be exploited by remote attackers. By manipulating the URL parameter, attackers can redirect users to external, potentially malicious websites, enabling phishing attacks. This flaw emphasizes the need for robust input validation and URL handling in web applications to prevent unauthorized redirects and ensure user safety.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
