CVE-2017-16679

URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
sapsap_kernel
7.21
sapsap_kernel
7.21ext:ext
sapsap_kernel
7.22
sapsap_kernel
7.22ext:ext
sapsap_kernel
7.45
sapsap_kernel
7.49
sapsap_kernel
7.52
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102157
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
https://launchpad.support.sap.com/#/notes/2520995
http://www.securityfocus.com/bid/102157
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
https://launchpad.support.sap.com/#/notes/2520995