CVE-2022-41207

Summary

SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Biller Direct= 635affected
SAP SESAP Biller Direct= 750affected

Weaknesses

  • CWE-601: CWE-601

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References