SAP NetWeaver CVE-2018-2476 Open Redirection Vulnerability

Bugtraq ID:	105898
Class:	Input Validation Error
CVE:	CVE-2018-2476
Remote:	Yes
Local:	No
Published:	Nov 13 2018 12:00AM
Updated:	Nov 13 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	SAP NetWeaver 7.40 SAP NetWeaver 7.31 SAP NetWeaver 7.30
Not Vulnerable:

SAP NetWeaver CVE-2018-2476 Open Redirection Vulnerability

SAP NetWeaver is prone to open-redirection vulnerability

An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.

SAP NetWeaver CVE-2018-2476 Open Redirection Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

SAP NetWeaver CVE-2018-2476 Open Redirection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

SAP NetWeaver CVE-2018-2476 Open Redirection Vulnerability

References:

• SAP Homepage (SAP)
  
• SAP Security Note 2658755 (SAP)
  
• SAP Security Patch Day �?? November 2018 (SAP)