Description
SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2911704
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2911687
Scores
CVSS v3
5.4
EPSS
0.0017
EPSS Percentile
38.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (4)
sap/fiori
200
sap/fiori
300
sap/fiori
400
sap/fiori
500
Published
Jun 10, 2020
Tracked Since
Feb 18, 2026