Unrated severityNVD Advisory· Published Oct 15, 2020· Updated Aug 4, 2024
CVE-2020-6365
CVE-2020-6365
Description
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.
Affected products
2- Range: = 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP SE/SAP NetWeaver Application Server Javav5Range: < 7.10
Patches
Vulnerability mechanics
References
2- launchpad.support.sap.commitrex_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.