CVE-2020-6215

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
sapCNA
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html
http://seclists.org/fulldisclosure/2023/Oct/13
https://launchpad.support.sap.com/#/notes/2872782
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html
http://seclists.org/fulldisclosure/2023/Oct/13
https://launchpad.support.sap.com/#/notes/2872782
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202