CVE-2020-6266

CWE-601 — Open Redirect3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 61.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Fiori FOR SAP S/4hana SAP Fiori

Timeline

PublishedJun 10

Latest updateMay 24

Description

SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_fiori_for_sap_s/4hana< 200+3

▶NVDsap/fiori4 versions+3

🔴Vulnerability Details

GHSA

GHSA-h48q-6mv5-m89f: SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation,↗2022-05-24

▶

CVEList

CVE-2020-6266: SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation,↗2020-06-10

▶