URL Redirection Vulnerability in SAP Solution Manager
CVE-2023-23855

6.5MEDIUM

Key Information:

Vendor: SAP
Status: Solution Manager
Vendor: CVE Published:; 14 February 2023

Summary

An insufficient URL validation flaw in the SAP Solution Manager (version 720) enables authenticated attackers to redirect users to malicious websites. This vulnerability can result in the exposure of sensitive information, the ability to modify data, or a phishing scenario that may compromise user integrity. Organizations using this software should assess their vulnerability management strategies and implement the recommended security measures to mitigate potential risks.

Affected Version(s)

Solution Manager 720

References

https://launchpad.support.sap.com/#/notes/3270509

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Jan 19, 2023