Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the attacker sends an email to the victim with a manipulated link that appears to be a legitimate SAP Sourcing URL, since the victim doesn’t suspect the threat, they click on the link, log in to SAP Sourcing and CLM and at this point, they get redirected to a malicious website.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
SAP Sourcing和SAP Contract Lifecycle Management 1100 输入验证错误漏洞
Vulnerability Description
SAP Sourcing和SAP Contract Lifecycle Management都是德国思爱普(SAP)公司的产品。SAP Sourcing是一个内部应用程序。为采购流程提供端到端解决方案。SAP Contract Lifecycle Management是一个合同生命周期管理平台。 SAP Sourcing和SAP Contract Lifecycle Management 1100版本存在输入验证错误漏洞,该漏洞源于其对输入消毒不当导致攻击者可以将用户重定向到恶意网站。
CVSS Information
N/A
Vulnerability Type
N/A