URL Validation Vulnerability in SAP NetWeaver ABAP Server and ABAP Platform
CVE-2022-41215

4.7MEDIUM

Key Information:

Vendor
SAP
Status
SAP Netweaver Abap Server And Abap Platform
Vendor
CVE Published:
8 November 2022

Summary

The SAP NetWeaver ABAP Server and ABAP Platform suffer from a vulnerability that allows unauthenticated attackers to manipulate URL validations, leading to potential malicious redirections. By exploiting insufficient checks, attackers can mislead users to compromised websites, risking the unauthorized disclosure of sensitive personal information.

Affected Version(s)

SAP NetWeaver ABAP Server and ABAP Platform = 700 = 700

SAP NetWeaver ABAP Server and ABAP Platform = 731 = 731

SAP NetWeaver ABAP Server and ABAP Platform = 740 = 740

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
https://launchpad.support.sap.com/#/notes/3251202

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.