CVE-2022-41275Open Redirect in SAP Solution Manager

CWE-601Open Redirect3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.9%
top 23.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Solution Manager
Timeline
PublishedDec 13

Description

In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5sap/solution_manager740, 750+1
NVDsap/solution_manager740, 750+1

🔴Vulnerability Details

2
CVEList
CVE-2022-41275: In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in u2022-12-13
GHSA
GHSA-9884-hhwq-42c3: In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in u2022-12-13
CVE-2022-41275 — Open Redirect in SAP Solution Manager | cvebase