CVE-2020-6365Open Redirect in SE SAP Netweaver Application Server Java

CWE-601Open Redirect3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 56.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver Application Server JavaSAP Netweaver Application Server Java
Timeline
PublishedOct 15
Latest updateMay 24

Description

SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDsap/netweaver_application7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-65vr-563m-2gm8: SAP NetWeaver AS Java, versions - 72022-05-24
CVEList
CVE-2020-6365: SAP NetWeaver AS Java, versions - 72020-10-15
CVE-2020-6365 — Open Redirect | cvebase