Lucene search
K

SAP Solution Manager - Open Redirect

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 22 Views

SAP Solution Manager has an open redirect via the logoff endpoint, risking redirection to a malicious site.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2020-26836
9 Dec 202020:32
circl
CNNVD
SAP Solution Manager 输入验证错误漏洞
8 Dec 202000:00
cnnvd
CNVD
SAP Solution Manager Open Redirect Vulnerability
15 Dec 202000:00
cnvd
CVE
CVE-2020-26836
9 Dec 202016:31
cve
Cvelist
CVE-2020-26836
9 Dec 202016:31
cvelist
EUVD
EUVD-2020-19372
7 Oct 202500:30
euvd
NCSC
Vulnerabilities fixed in SAP products
8 Dec 202000:00
ncsc
NVD
CVE-2020-26836
9 Dec 202017:15
nvd
OSV
CVE-2020-26836
9 Dec 202017:15
osv
Packet Storm
SAP Solution Manager 7.2 (ST 720) Open Redirection
15 Jun 202100:00
packetstorm
Rows per page
id: CVE-2020-26836

info:
  name: SAP Solution Manager - Open Redirect
  author: Gal Nagli,LRVT
  severity: medium
  description: SAP Solution Manager contains an open redirect vulnerability via the logoff endpoint. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Attackers can redirect users to malicious websites through crafted links, potentially facilitating phishing attacks or credential theft.
  remediation: |
    Apply security patches or updates provided by SAP to fix the vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-26836
    - https://onapsis.com/security-advisories/sap-solution-manager-open-redirect-trace-analysis/
    - http://packetstormsecurity.com/files/163136/SAP-Solution-Manager-7.2-ST-720-Open-Redirection.html
    - http://seclists.org/fulldisclosure/2021/Jun/25
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2020-26836
    cwe-id: CWE-601
    epss-score: 0.02338
    epss-percentile: 0.81556
    cpe: cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: sap
    product: solution_manager
  tags: cve,cve2020,redirect,sap,vuln,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/sap/public/bc/icf/logoff?redirecturl=https://interact.sh"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 302
          - 301
          - 307

      - type: word
        part: header
        words:
          - "Location: https://www.interact.sh"
          - "Location: https://interact.sh"
        condition: or
# digest: 4a0a0047304502206ae62284902f71c03a142e2977e510fe6d87400e1c030e0ab9b8039d4f75f5ff02210097eabe9f91a423c5daf8d059359af34d742b91a7ab1017326cd2dfe0dd9f167e:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 25.8
CVSS 3.16.1
CVSS 33.4
EPSS0.02338
22