CVE-2022-41215

Summary

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 700affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 731affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 740affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 750affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 789affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 701affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 702affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 751affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 752affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 753affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 754affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 755affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 756affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 757affected
SAP SESAP NetWeaver ABAP Server and ABAP Platform= 790affected

Weaknesses

  • CWE-601: CWE-601

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References