Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open Redirect Vulnerability in SAP HANA extended application services, advanced model (User Account and Authentication Services)
Vulnerability Description
The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation. On successful exploitation attacker can cause limited impact on confidentiality, integrity, and availability of the system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
SAP HANA 输入验证错误漏洞
Vulnerability Description
SAP HANA是德国思爱普(SAP)公司的一套高性能的实时数据分析平台。该平台提供数据查询功能,支持用户对查询实时业务数据进行查询和分析。 SAP HANA存在输入验证错误漏洞,该漏洞源于重定向 URL 验证不足,浏览器会重定向到恶意网站。
CVSS Information
N/A
Vulnerability Type
N/A