Lucene search
HistoryNov 08, 2022 - 10:15 p.m.
CVE-2022-41215
sap
netweaver
abap
platform
url validation
security issue
personal information
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
EPSS
0.001
Percentile
35.5%
SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.
Affected configurations
Node
sapnetweaver_application_server_abapMatch700
ORsapnetweaver_application_server_abapMatch731
ORsapnetweaver_application_server_abapMatch740
ORsapnetweaver_application_server_abapMatch750
ORsapnetweaver_application_server_abapMatch789
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | netweaver_application_server_abap | 700 | cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:* |
| sap | netweaver_application_server_abap | 731 | cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:* |
| sap | netweaver_application_server_abap | 740 | cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:* |
| sap | netweaver_application_server_abap | 750 | cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:* |
| sap | netweaver_application_server_abap | 789 | cpe:2.3:a:sap:netweaver_application_server_abap:789:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2022-41215
2022-11-08 00:00:00
prion
prion
Design/Logic Flaw
2022-11-08 22:15:00
nessus
nessus
SAP NetWeaver AS ABAP URL Redirection (3251202)
2022-11-11 00:00:00
cve
cve
CVE-2022-41215
2022-11-08 22:15:19
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
EPSS
0.001
Percentile
35.5%
Related for NVD:CVE-2022-41215