Rewterz Threat Advisory – Multiple SAP NetWeaver Vulnerabilities
December 15, 2022
Rewterz Threat Advisory – CVE-2022-41266 – SAP Commerce Webservices Vulnerability
December 15, 2022
Severity
Medium
Analysis Summary
CVE-2022-41273
SAP Sourcing and Contract Lifecycle Management contains an open redirect vulnerability that could allow a remote attacker to conduct phishing attacks. An attacker could exploit this vulnerability by using a specially crafted URL to redirect a victim to arbitrary websites.
Impact
Gain Access
Indicators Of Compromise
CVE
- CVE-2022-41273
Affected Vendors
SAP
Affected Products
- SAP Sourcing 1100
- SAP Contract Lifecycle Management 1100
Remediation
Current SAP customers should refer to the SAP note for patch information, available from the SAP website (login required).