CVE-2022-41215

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:789:*:*:*:*:*:*:*

History

07 Nov 2023, 03:52

Type Values Removed Values Added
Summary SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

09 Nov 2022, 15:26

Type Values Removed Values Added
References (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
References (MISC) https://launchpad.support.sap.com/#/notes/3251202 - (MISC) https://launchpad.support.sap.com/#/notes/3251202 - Permissions Required, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.7
CPE cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:789:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*
First Time Sap
Sap netweaver Application Server Abap

08 Nov 2022, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-08 22:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-41215

Mitre link : CVE-2022-41215

CVE.ORG link : CVE-2022-41215


JSON object : View

Products Affected

sap

  • netweaver_application_server_abap
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')