SAP Fiori Launchpad Reverse Tabnabbing Vulnerability

A Reverse Tabnabbing vulnerability exists in SAP Fiori (Launchpad) due to insufficient external navigation protections for link elements. This vulnerability allows an attacker with administrative user privileges to exploit compromised or malicious pages, potentially leading to unintended manipulation of user sessions or exposure of sensitive information. While certain configurations require administrative access, the attack can be executed without it. The vulnerability affects the confidentiality and integrity of the system, but does not impact availability.

Impact

Exploitation could result in unauthorized manipulation of user sessions or disclosure of sensitive information.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically in the Security Notes section. For guidance on accessing and applying SAP Security Notes, refer to the SAP Security Notes FAQs.