Open Redirect Vulnerability in SAP Solution Manager Trace Analysis
CVE-2020-26836

3.4LOW

Key Information:

Vendor

SAP
Status
SAP Solution Manager (trace Analysis)
Vendor
CVE Published:
9 December 2020

What is CVE-2020-26836?

The SAP Solution Manager (Trace Analysis), version 720, is susceptible to an Open Redirect vulnerability that allows attackers to manipulate an application URL to redirect users to a malicious site. This can deceive users into entering sensitive credentials or downloading harmful software. By crafting a malicious link with a manipulated parameter, an attacker can share this link with end users, potentially leading them to unintended and dangerous locations online.

Affected Version(s)

SAP Solution Manager (Trace Analysis) < 720

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2938650
x_refsource_MISC
http://seclists.org/fulldisclosure/2021/Jun/25
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
3.4
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.