[ERPSCAN-13-021] SAP Portal – Unvalidated redirect
Application: SAP NetWeaver JAVA
Versions Affected: SAP NetWeaver J2EE 6.40/7.02, probably others
Vendor URL: http://www.sap.com
Bugs: Information disclosure
Vendor response: 21.04.2013
Date of Public Advisory: 30.10.2013
Reference: SAP Security Note 1854826
CVSS: AV:N/AC:H/AU:N/C:P/I:N/A:N 2.6
Author: Alexander Polyakov (ERPScan)
It is possible to send a link to this service to any user. When the link is followed, the user's browser is redirected to evilhost and sends their cookies and SAPPASSPORT in HTTP headers.
An open redirect is a flaw in which an application takes a parameter and redirects the user to that parameter's value without any validation. It is used in phishing attacks to lure users to malicious sites without their realizing it.
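The following is an added example (not code from ERPScan, SAP, or this advisory) showing the unvalidated redirect pattern described above beside a hardened validator. The portal hostname and the `url` parameter name are assumptions; the sample targets, including "evilhost", are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed hostname the portal is served from (constructed for this example).
PORTAL_HOST = "portal.example.internal"


def unsafe_redirect_location(url_param: str) -> str:
    """Vulnerable pattern: the Location header is the parameter value, unchecked."""
    return url_param


def is_safe_redirect(target: str, portal_host: str = PORTAL_HOST) -> bool:
    """Return True only if `target` keeps the browser on the portal host.

    Rejects absolute URLs to other hosts, protocol-relative URLs (//evilhost),
    backslash variants that browsers normalise to slashes, non-HTTP schemes
    such as javascript:, user-info tricks (https://portal@evilhost) and
    scheme-with-empty-authority forms (https:///evilhost).
    """
    if not target:
        return False
    # Browsers treat "\" as "/" when parsing the authority; normalise first.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, vbscript: ...
    if parts.scheme and not parts.netloc:
        return False  # "https:///evilhost" is re-parsed by browsers as https://evilhost
    if parts.netloc:
        # Compare the parsed hostname, not the raw netloc, so user-info and
        # port tricks ("portal@evilhost", "evilhost:443") cannot slip through.
        return parts.hostname is not None and parts.hostname.lower() == portal_host
    # Relative target: a single leading "/" keeps it on-site; "//" would not.
    return normalised.startswith("/") and not normalised.startswith("//")


def safe_redirect_location(url_param: str, fallback: str = "/") -> str:
    """Hardened pattern: redirect only to validated targets, else to a fixed page."""
    return url_param if is_safe_redirect(url_param) else fallback
```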
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: