// For flags

CVE-2020-26836

SAP Solution Manager 7.2 (ST 720) Open Redirection

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.

SAP Solution Manager (Trace Analysis), versión 720, permite el uso inapropiado de un parámetro en la URL la aplicación conllevando a una vulnerabilidad de Redireccionamiento Abierto, un atacante puede ingresar un enlace a un sitio malicioso que podría engañar al usuario para que introduzca credenciales o descargue un software malicioso, tal y como un parámetro en la URL de la aplicación y compartirlo con el usuario final quien podría potencialmente convertirse en una víctima del ataque

SAP Solution Manager version 7.2 (ST 720) suffers from an open redirection vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-10-07 CVE Reserved
  • 2020-12-09 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-10-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sap
Search vendor "Sap"
Solution Manager
Search vendor "Sap" for product "Solution Manager"
7.20
Search vendor "Sap" for product "Solution Manager" and version "7.20"
-
Affected