Remote URL Redirection Vulnerability in SAP NetWeaver Knowledge Management
CVE-2021-33707

6.1MEDIUM

Key Information:

Vendor
SAP
Status
SAP Netweaver (knowledge Management)
Vendor
CVE Published:
10 August 2021

Summary

SAP NetWeaver Knowledge Management is vulnerable to an open redirect that enables remote attackers to manipulate stored URLs. By redirecting users to unintended external sites, attackers can carry out phishing schemes, potentially compromising user credentials and sensitive information. This vulnerability highlights the importance of validating URL inputs to mitigate unauthorized access risks.

Affected Version(s)

SAP NetWeaver (Knowledge Management) < 7.30 < 7.30

SAP NetWeaver (Knowledge Management) < 7.31 < 7.31

SAP NetWeaver (Knowledge Management) < 7.40 < 7.40

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3076399
x_refsource_MISC
http://seclists.org/fulldisclosure/2022/Jan/73
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.