URL Redirection vulnerability in SAP Marketing (Contacts App)

SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application.

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

指向未可信站点的URL重定向(开放重定向)

SAP Marketing 输入验证错误漏洞

SAP Marketing是德国思爱普（SAP）公司的一个营销平台。 SAP Marketing 存在输入验证错误漏洞，该漏洞源于允许低权限攻击者诱骗用户打开恶意页面，这可能导致非常可信的网络钓鱼攻击，对应用程序的机密性和完整性影响很小。

N/A

N/A