CVE-2023-40306: Open Redirect in SAP SE SAP S 4hana

CWE-601: Open Redirect | 3 documents | 3 sources
Severity: 6.1 MEDIUM (NVD)
EPSS: 0.1% (top 73.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 8 | Latest update Sep 9

Description

SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

NVD: sap/s_4hana, 4 versions +3
CVEListV5: sap_se/sap_s_4hana, 4 versions +3

Vulnerability Details (2)

GHSA (2023-09-09): GHSA-g7j8-x6g6-f5vj: SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL
CVEList (2023-09-08): URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search)