CVE-2020-6365 Information
Feb 14, 2021
cve
Description
SAP NetWeaver AS Java versions - 7.10 7.11 7.20 7.30 7.31 7.40 7.50 Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://launchpad.support.sap.com//notes/2969828 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: