CVE-2020-26836

3.4LOW

Key Information:

Vendor
SAP
Status
SAP Solution Manager (trace Analysis)
Vendor
CVE Published:
9 December 2020

Summary

SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.

Affected Version(s)

SAP Solution Manager (Trace Analysis) < 720

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2938650
x_refsource_MISC
http://seclists.org/fulldisclosure/2021/Jun/25
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
3.4
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.