Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open Redirect vulnerability in SAP Approuter
Vulnerability Description
SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results in a high impact to the confidentiality and integrity with no impact on the availability of the application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
SAP Approuter 输入验证错误漏洞
Vulnerability Description
SAP Approuter是德国SAP公司开源的一项轻量级服务,可作为 SAP 生态系统中各种后端服务和应用程序的单一入口点。 SAP Approuter 21.2.0之前版本存在输入验证错误漏洞,该漏洞源于在特定配置下未正确验证OAuth2登录流程中的请求标头,可能导致未经身份验证的远程攻击者构造恶意链接,在受害者点击后实现未授权访问,对机密性和完整性造成高影响。
CVSS Information
N/A
Vulnerability Type
N/A