← Back

CVE-2017-16679

nvd nist
Published: Dec 12, 2017Modified: May 13, 2026

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.

Affected (7)

Products: Sap: Sap Kernel
Sap
1 product
Sap Kernel
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Sap Kernel
Version 7.21
Sap Kernel
Version 7.21ext
Sap Kernel
Version 7.22
Sap Kernel
Version 7.22ext
Sap Kernel
Version 7.45
Sap Kernel
Version 7.49
Sap Kernel
Version 7.52

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (6)

Source: cna@sap.com
Third Party AdvisoryVDB Entry
Source: cna@sap.com
Issue TrackingVendor Advisory
Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory

Timeline

No history available yet.