Unauthenticated Redirect Vulnerability in SAP Solution Manager by SAP
CVE-2022-41275

6.1MEDIUM

Key Information:

Vendor
SAP
Status
Solution Manager (enterprise Search)
Vendor
CVE Published:
13 December 2022

Summary

In SAP Solution Manager (Enterprise Search) versions 740 and 750, an unauthorized attacker can craft a malicious link that targets logged-in users. If the link is activated, it redirects the user to an external page, permitting the attacker to access or alter sensitive information. This exploit poses significant risk by potentially facilitating phishing attacks, compromising user data integrity and confidentiality.

Affected Version(s)

Solution Manager (Enterprise Search) 740

Solution Manager (Enterprise Search) 750

References

https://launchpad.support.sap.com/#/notes/3271313
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.