Required CVE Record Information
Description
SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.
CVSS 1 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 3.4 | LOW | 3.0 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N |
References 4 Total
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079
- https://launchpad.support.sap.com/#/notes/2938650
- seclists.org: 20210614 Onapsis Security Advisory 2021-0005: SAP Solution Manager Open Redirect from Trace Analysis mailing-list
- http://packetstormsecurity.com/files/163136/SAP-Solution-Manager-7.2-ST-720-Open-Redirection.html
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 x_transferred
- https://launchpad.support.sap.com/#/notes/2938650 x_transferred
- seclists.org: 20210614 Onapsis Security Advisory 2021-0005: SAP Solution Manager Open Redirect from Trace Analysis mailing-listx_transferred
- http://packetstormsecurity.com/files/163136/SAP-Solution-Manager-7.2-ST-720-Open-Redirection.html x_transferred