CVE-2018-2476 — Open Redirect in SAP Netweaver

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 57.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 13

Latest updateMay 14

Description

Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶NVDsap/netweaver7.30, 7.31, 7.40+2

▶CVEListV5sap/sap_netweaver= 7.30, = 7.31, = 7.40+2

GHSA

GHSA-8g8p-fjx7-326c: Due to insufficient URL Validation in forums in SAP NetWeaver versions 7↗2022-05-14

▶

CVEList

CVE-2018-2476: Due to insufficient URL Validation in forums in SAP NetWeaver versions 7↗2018-11-13

▶