SAP Fiori
cpe:2.3:a:sap:fiori:*:*:*:*:*:*:*
A vulnerability exists in the SAP OData endpoint within SAP Fiori for SAP ERP, where cached values can be poisoned by altering the Host header in an HTTP GET request. This manipulation could redirect the 'atom:link' values in the metadata response from the SAP server to a malicious link specified by the attacker. Exploitation of this vulnerability could lead to a low integrity impact on the application.
Users are advised to review and implement the SAP Security Note related to this vulnerability, available through the SAP for Me platform. SAP Security Patch Days occur on the second Tuesday of each month, when SAP publishes important security updates.
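A defender-side check for the behaviour described above, as an added example that is not SAP's code and not part of the original advisory: it parses a saved OData metadata response and reports every atom:link whose host is not one you expect. The hostnames, the service path and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM_LINK = "{http://www.w3.org/2005/Atom}link"

# Constructed sample of a metadata response; host and service path are placeholders.
SAMPLE_CLEAN = """<edmx:Edmx xmlns:edmx="http://schemas.microsoft.com/ado/2007/06/edmx" Version="1.0">
  <edmx:DataServices>
    <Schema xmlns="http://schemas.microsoft.com/ado/2008/09/edm" Namespace="DEMO_SRV">
      <atom:link xmlns:atom="http://www.w3.org/2005/Atom" rel="self"
                 href="https://erp.example.com/odata/DEMO_SRV/$metadata"/>
      <atom:link xmlns:atom="http://www.w3.org/2005/Atom" rel="latest-version"
                 href="$metadata"/>
    </Schema>
  </edmx:DataServices>
</edmx:Edmx>"""

# The same document as a cache would hold it if it stored a copy built from another Host value.
SAMPLE_POISONED = SAMPLE_CLEAN.replace("erp.example.com", "unexpected.example.net")


def foreign_atom_links(xml_text, allowed_hosts):
    """Return (rel, href, host) for every atom:link pointing outside allowed_hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for link in ET.fromstring(xml_text).iter(ATOM_LINK):
        href = link.get("href", "")
        host = urlsplit(href).hostname  # None for relative hrefs, lowercased otherwise
        if host is None:
            continue  # relative link: carries no host, nothing to compare
        if host not in allowed:
            findings.append((link.get("rel"), href, host))
    return findings


if __name__ == "__main__":
    for name, doc in (("clean", SAMPLE_CLEAN), ("poisoned", SAMPLE_POISONED)):
        print(name, foreign_atom_links(doc, {"erp.example.com"}))
```

Run it over copies of the metadata response retrieved through each caching layer in front of the system; an empty result for every copy is the expected state.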