Primary

Context

SAP BSP Applications Unvalidated URL Parameter Vulnerability Leading to Open Redirect

Vulnerability

A vulnerability exists in SAP BSP applications that allows an unauthenticated user to manipulate URL parameters. These parameters are not properly validated, which could lead to unvalidated redirection to attacker-controlled websites. This issue poses a low risk to the confidentiality and integrity of the application, with no impact on availability.

Impact

Exploitation of this vulnerability could result in an unvalidated open redirect, allowing users to be redirected to malicious websites.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.

Added: Feb 10, 2026, 5:49 AM

Updated: Feb 10, 2026, 5:49 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.2

exploitability

7.0

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.2

exploitability

7.0

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP BSP Applications Unvalidated URL Parameter Vulnerability Leading to Open Redirect

Vulnerability

Impact

Remediation

Affected Products

SAP BSP applications

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating