CVE-2020-6365

Summary

SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Application Server Java< 7.10affected
SAP SESAP NetWeaver Application Server Java< 7.11affected
SAP SESAP NetWeaver Application Server Java< 7.20affected
SAP SESAP NetWeaver Application Server Java< 7.30affected
SAP SESAP NetWeaver Application Server Java< 7.31affected
SAP SESAP NetWeaver Application Server Java< 7.40affected
SAP SESAP NetWeaver Application Server Java< 7.50affected

Weaknesses

  • Reverse Tabnabbing

ADP Enrichment

CVE Program Container

Additional References

References