Primary

Context

SAP Fiori Launchpad Credential Theft Vulnerability via Malicious URLs

Vulnerability

A vulnerability in SAP Fiori Launchpad allows attackers to create malicious URLs that trigger arbitrary service calls within the Fiori domain. When these URLs are opened by users, they could lead to the theft of user credentials, compromising accounts. Exploitation of this vulnerability requires advanced knowledge of the system, resulting in a low impact on confidentiality and integrity, with no effect on availability.

Impact

Successful exploitation could result in the theft of user credentials, allowing attackers to compromise user accounts.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.

Added: Jun 9, 2026, 1:32 AM

Updated: Jun 9, 2026, 1:32 AM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.5

exploitability

6.2

remediation

7.9

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.5

exploitability

6.2

remediation

7.9

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP Fiori Launchpad Credential Theft Vulnerability via Malicious URLs

Vulnerability

Impact

Remediation

Affected Products

SAP Fiori Launchpad

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating