CVE-2021-33697
In short
SAP BusinessObjects BI Platform versions 420 and 430 contain a vulnerability that allows an unauthenticated attacker to redirect users to malicious websites. It stems from improperly handled links that can be exploited to trick users into visiting dangerous sites.
Technical detail
The vulnerability exists in SAPUI5 components of SAP BusinessObjects BI Platform (versions 420, 430) and enables unauthenticated attackers to perform reverse tabnabbing attacks by manipulating link handling. An attacker can craft a malicious link that, when clicked by a user, redirects to an attacker-controlled site while maintaining context that may facilitate social engineering or credential harvesting.
Summary generated and translated by AI from the official description.
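A defender-side check for the link pattern behind reverse tabnabbing, as an added example that is not part of the original page or SAP's code: it flags links that open a new browsing context without rel="noopener" or rel="noreferrer", which leaves window.opener available to the opened page. The sample markup and the partner.example URLs are constructed for illustration.

```python
from html.parser import HTMLParser

# Elements whose target attribute can open a new browsing context.
LINK_TAGS = {"a", "area", "form"}
# rel keywords that sever window.opener (noreferrer implies noopener).
SAFE_REL = {"noopener", "noreferrer"}


class TabnabbingAudit(HTMLParser):
    """Collect links that open a new tab/window and keep window.opener."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in LINK_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        target = a.get("target", "").strip().lower()
        # _self, _parent and _top reuse an existing context; _blank or a
        # named window can create a new one that receives an opener.
        if not target or target in {"_self", "_parent", "_top"}:
            return
        if set(a.get("rel", "").lower().split()) & SAFE_REL:
            return
        line, _ = self.getpos()
        self.findings.append((line, tag, a.get("href") or a.get("action") or ""))


def audit(html):
    """Return (line, tag, url) for every link that leaves window.opener set."""
    parser = TabnabbingAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup, not taken from the affected product.
SAMPLE = """<a href="https://partner.example/report" target="_blank">unsafe</a>
<a href="https://partner.example/help" target="_blank" rel="noopener noreferrer">safe</a>
<a href="https://partner.example/doc" target="docs" rel="nofollow">unsafe named window</a>
<a href="/home">same tab</a>
<A HREF="https://partner.example/x" TARGET="_BLANK" REL="NoReferrer">safe</A>"""

if __name__ == "__main__":
    for line, tag, url in audit(SAMPLE):
        print(f"line {line}: <{tag}> {url} opens a new context without rel=noopener")
```

Run over rendered templates or saved pages, each finding is a link to fix by adding rel="noopener noreferrer".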
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Affected products
SAP SE · SAP BusinessObjects Business Intelligence Platform (SAPUI5)