[ERPSCAN-13-021] SAP Portal – Unvalidated redirect

DSECRG Advisories

Application: SAP NetWeaver JAVA
Versions Affected: SAP NetWeaver J2EE 6.40/7.02, probably others
Vendor URL: http://www.sap.com
Bugs: Information disclosure
Exploits: YES
Reported: 20.04.2013
Vendor response: 21.04.2013
Date of Public Advisory: 30.10.2013
Reference: SAP Security Note 1854826
Author: Alexander Polyakov (ERPScan)

An attacker can send a crafted link to this service to any user. When the user follows it, the service redirects them to evilhost, and their browser sends their cookies and SAPPASSPORT in the HTTP headers of that request.

Business Risk
An open redirect occurs when an application takes a parameter and redirects users to its value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.
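The remediation implied above is to validate the redirect target before issuing it. The following is an added, illustrative example (not SAP's or ERPScan's code) showing the unvalidated pattern beside a hardened one that only allows redirects to an allowlist of hosts; PORTAL_BASE, ALLOWED_HOSTS and DEFAULT_TARGET are constructed values.

```python
from urllib.parse import urlsplit, urljoin

# Constructed example configuration (not SAP's): the portal's own origin,
# the hosts a redirect may point at, and a fallback landing page.
PORTAL_BASE = "https://portal.example.com"
ALLOWED_HOSTS = {"portal.example.com", "sso.example.com"}
DEFAULT_TARGET = "/irj/portal"  # hypothetical landing page


def vulnerable_redirect(target: str) -> str:
    """The pattern the advisory describes: the caller-supplied parameter
    is returned unchanged as the Location header, so any host works."""
    return target


def safe_redirect(target: str) -> str:
    """Return a Location that can only lead to an allowed host.

    Falls back to DEFAULT_TARGET when the target is empty, uses a
    non-web scheme, or resolves to a host outside ALLOWED_HOSTS.
    """
    if not target:
        return DEFAULT_TARGET
    # Browsers treat "/\evilhost" like "//evilhost"; normalise first so
    # the URL parser sees what the browser will see.
    candidate = target.replace("\\", "/")
    # Resolve relative paths against the portal so that "/page" and
    # "//other-host/page" are inspected the same way as absolute URLs.
    resolved = urljoin(PORTAL_BASE, candidate)
    parts = urlsplit(resolved)
    # Reject javascript:, data: and other non-HTTP(S) schemes outright.
    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET
    # .hostname drops userinfo ("portal@evilhost") and the port, and is
    # lowercased, so the comparison is an exact host match, never a
    # prefix match that "portal.example.com.evil.com" could satisfy.
    host = parts.hostname
    if host is None or host not in ALLOWED_HOSTS:
        return DEFAULT_TARGET
    return resolved
```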
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: