CVE-2022-28215

CWE-601 — Open Redirect3 documents3 sources

Severity

4.7MEDIUM

EPSS

0.4%

top 37.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Abap Server AND Abap Platform SAP Netweaver Abap

Timeline

PublishedApr 12

Latest updateApr 13

Description

SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_abap_server_and_abap_platform740, 750, 787+2

▶NVDsap/netweaver_abap740, 750, 787+2

🔴Vulnerability Details

GHSA

GHSA-8rrr-f77p-65qc: SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to↗2022-04-13

▶

CVEList

CVE-2022-28215: SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to↗2022-04-12

▶