CVE-2022-41207 — MEDIUM (6.1)

Vulnerability Description

SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Biller Direct	635

Related Weaknesses (CWE)

CWE-601

References

https://launchpad.support.sap.com/#/notes/3238042Permissions RequiredVendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
https://launchpad.support.sap.com/#/notes/3238042Permissions RequiredVendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory

FAQ

What is CVE-2022-41207?

CVE-2022-41207 is a vulnerability with a CVSS score of 6.1 (MEDIUM). SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malici...

How severe is CVE-2022-41207?

CVE-2022-41207 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-41207?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Biller Direct.