CVE-2021-27612: Open Redirect in SE SAP GUI FOR Windows

CWE-601: Open Redirect | 3 documents | 3 sources
Severity: 6.1 MEDIUM (NVD)
EPSS: 0.2% (top 60.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 11
Latest update: May 24

Description

In specific situations, SAP GUI for Windows, up to and including 7.60 PL9, 7.70 PL0, forwards a user to a specific malicious website, which could contain malware or might lead to phishing attacks to steal the victim's credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: sap_se/sap_gui_for_windows < 7.60 PL10 (+1)
NVD: sap/gui 7.60, 7.70 (+1)

Vulnerability Details (2)

GHSA | 2022-05-24
GHSA-89x7-8rj3-46vw: In specific situations SAP GUI for Windows, versions - 7
CVEList | 2021-05-11
CVE-2021-27612: In specific situations SAP GUI for Windows until and including 7
CVE-2021-27612 — Open Redirect | cvebase