Insufficient URL Validation in SAP Fiori for SAP S/4HANA: A Potential for Malicious Site Redirection

Insufficient URL Validation in SAP Fiori for SAP S/4HANA: A Potential for Malicious Site Redirection

CVE-2020-6266 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection.

Learn more about our User Device Pen Test.