← Back

CVE-2018-2476

nvd nist
Published: Nov 13, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.

Affected (3)

Products: Sap: Netweaver
Sap
1 product
Netweaver
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver
Version 7.30
Netweaver
Version 7.31
Netweaver
Version 7.40

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (6)

Source: cna@sap.com
Third Party AdvisoryVDB Entry
Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.