SAPUI5 Search UI URL Parameter Manipulation Vulnerability

A vulnerability in SAPUI5 Search UI allows an unauthenticated attacker to alter specific URL parameters to inject malicious content. This exploitation could mislead users into clicking on links that lead to attacker-controlled pages, posing a low risk to confidentiality but no impact on the application's integrity or availability.

Impact

Exploitation of this vulnerability could lead to phishing attacks, where users are tricked into visiting malicious websites controlled by the attacker.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.