CVE-2017-16679 Information

Description

URL redirection vulnerability in SAP’s Startup Service SAP KERNEL 32 NUC SAP KERNEL 32 Unicode SAP KERNEL 64 NUC SAP KERNEL 64 Unicode 7.21 7.21EXT 7.22 and 7.22EXT; SAP KERNEL 7.21 7.22 7.45 7.49 and 7.52 that allows an attacker to redirect users to a malicious site.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/102157 https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ https://launchpad.support.sap.com//notes/2520995

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1