SAP NetWeaver Application Server ABAP and ABAP Platform could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
SAP NetWeaver ABAP Server and ABAP Platform could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
Current SAP customers should refer to the SAP Security Advisory for patch information, available from the SAP Web site (login required).
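An added example, not part of the original advisory and not SAP code: a log-review check for the two request patterns described above, dot-dot sequences in the URL path (including percent-encoded forms) and redirect parameters that point off-site. The parameter names, the allowed host and the sample request targets are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: hosts this site may legitimately redirect to (hypothetical value).
ALLOWED_REDIRECT_HOSTS = {"portal.example.com"}
# Assumption: query parameter names treated as redirect targets (hypothetical list).
REDIRECT_PARAMS = {"redirect", "redirecturl", "url", "target", "next"}

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(path):
    """True if any decoded path segment is exactly '..' (slash or backslash separated)."""
    return ".." in re.split(r"[/\\]", fully_decode(path))

def external_redirect(query):
    """Return the first redirect-style parameter value that leaves the allow-list."""
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() not in REDIRECT_PARAMS:
            continue
        target = fully_decode(value).strip().replace("\\", "/")
        host = urlsplit(target).hostname  # also set for scheme-relative '//host/'
        if host and host.lower() not in ALLOWED_REDIRECT_HOSTS:
            return target
    return None

def classify(request_target):
    """Label one request target (path plus query) taken from an access log."""
    parts = urlsplit(request_target)
    findings = []
    if has_traversal(parts.path):
        findings.append("traversal")
    if external_redirect(parts.query):
        findings.append("open-redirect")
    return findings

# Constructed sample request targets, not taken from any real system.
SAMPLES = ["/app/index.html", "/app/files/../../secret.txt",
           "/app/login?next=//attacker.example/"]

if __name__ == "__main__":
    for target in SAMPLES:
        print(target, classify(target))
```

The same two checks belong in the application itself: resolve the requested path and confirm it stays under the intended base directory, and redirect only to allow-listed hosts or relative paths.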