SAP Business Connector Open Redirect Vulnerability Allowing Phishing and Unauthorized Actions
Vulnerability
An open redirect vulnerability has been identified in SAP Business Connector. This issue allows an unauthenticated attacker to create a malicious URL that, when accessed by a victim, redirects them to an attacker-controlled site within an embedded frame. Exploitation of this vulnerability could enable the attacker to steal sensitive information and perform unauthorized actions, thereby compromising the confidentiality and integrity of web client data. However, this vulnerability does not affect system availability.
Impact
Exploitation of this vulnerability could lead to phishing attacks, allowing attackers to steal sensitive information from victims. Additionally, it could enable unauthorized actions on behalf of the victim, further compromising web client data.
Remediation
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, particularly on SAP Security Patch Days, which occur on the second Tuesday of each month.
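To make the bug class concrete, the following is an added illustration (not SAP Business Connector code, and not taken from the SAP note) of why open redirects arise and how a redirect target is validated safely. It assumes a hypothetical allowlist of hosts (ALLOWED_HOSTS) and shows the bypasses a naive "starts with /" or "contains our domain" check misses: scheme-relative URLs, backslash variants, non-HTTP schemes and userinfo tricks.

```python
from urllib.parse import urlparse

# Assumption: hosts a redirect may land on, defined by the deployer.
ALLOWED_HOSTS = {"bc.example.internal"}
DEFAULT_TARGET = "/"


def naive_is_safe(target: str) -> bool:
    """The kind of check that produces an open redirect: it accepts
    "//evil.example" and "/\\evil.example", which browsers treat as
    absolute URLs to another host."""
    return target.startswith("/")


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` cannot send the browser off-site.

    Accepts rooted same-site paths ("/inbox?id=1") and absolute http(s)
    URLs whose host is on the allowlist. Rejects scheme-relative URLs
    ("//evil"), backslash variants ("/\\evil"), non-HTTP schemes
    ("javascript:", "data:") and userinfo tricks ("https://trusted@evil").
    """
    if not target or len(target) > 2048:
        return False
    # Control characters and whitespace confuse both browsers and parsers.
    if any(ord(c) < 0x20 or c in " \t\r\n" for c in target):
        return False
    # Browsers normalise backslashes to slashes; do the same before parsing.
    normalised = target.replace("\\", "/")
    parsed = urlparse(normalised)
    if parsed.scheme == "" and parsed.netloc == "":
        # Relative reference: must be a rooted path, never "//host".
        return normalised.startswith("/") and not normalised.startswith("//")
    if parsed.scheme not in ("http", "https"):
        return False
    # hostname drops userinfo and port and is lower-cased already.
    host = (parsed.hostname or "").rstrip(".")
    return (host in allowed_hosts
            and parsed.username is None and parsed.password is None)


def resolve_redirect(target: str) -> str:
    """Redirect to `target` if it passes validation, else to a fixed page."""
    return target if is_safe_redirect(target) else DEFAULT_TARGET
```

The same validator, applied to the constructed inputs in its docstring, rejects every off-site form while still allowing the allowlisted host on a non-default port.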
