Unauthenticated Redirect Vulnerability in SAP Solution Manager by SAP
CVE-2022-41275

6.1MEDIUM

Key Information:

Vendor: SAP
Status: Solution Manager (enterprise Search)
Vendor: CVE Published:; 13 December 2022

What is CVE-2022-41275?

In SAP Solution Manager (Enterprise Search) versions 740 and 750, an unauthorized attacker can craft a malicious link that targets logged-in users. If the link is activated, it redirects the user to an external page, permitting the attacker to access or alter sensitive information. This exploit poses significant risk by potentially facilitating phishing attacks, compromising user data integrity and confidentiality.

Affected Version(s)

Solution Manager (Enterprise Search) 740

Solution Manager (Enterprise Search) 750

References

https://launchpad.support.sap.com/#/notes/3271313

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Sep 21, 2022