Description
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
References (3)
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102157
Permissions Required, Vendor Advisory x_refsource_confirm
https://launchpad.support.sap.com/#/notes/2520995
Scores
CVSS v3
6.1
EPSS
0.0030
EPSS Percentile
53.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (8)
SAP/SAP Startup Service
SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.
sap/sap_kernel
7.21
sap/sap_kernel
7.21ext
sap/sap_kernel
7.22
sap/sap_kernel
7.22ext
sap/sap_kernel
7.45
sap/sap_kernel
7.49
sap/sap_kernel
7.52
Published
Dec 12, 2017
Tracked Since
Feb 18, 2026