CVE-2022-27671

EPSS 1.2% | CWE-201
In short

A security token used to prevent cross-site request forgery (CSRF) attacks appears in the page's web address (URL), where anyone who sees the URL can read it. This can leak sensitive information if the URL is shared or logged.

Technical detail

CSRF tokens in URL parameters are susceptible to disclosure via HTTP Referer headers, browser history, logs, and proxies. This violates token confidentiality principles and may enable token reuse or session hijacking if tokens lack proper expiration or binding mechanisms.
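The two sides of the issue described above, as an added example that is not part of this page or of the affected product: an audit helper that flags request URLs carrying a CSRF-style token in the query string (the kind of URL that lands in Referer headers, browser history and access logs), beside the pattern that avoids the exposure, where the token lives in the server-side session and is accepted only from the POST body or a request header. The parameter names, the constructed log lines and the plain-dict session are assumptions for the demonstration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Parameter names commonly used for anti-CSRF tokens (assumed list for the audit).
CSRF_PARAM_NAMES = {"csrf", "csrf_token", "csrftoken", "_csrf", "authenticity_token", "xsrf_token"}

# Constructed Common Log Format lines; the first one shows the weak pattern.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /account/settings?csrf_token=3f9a1c HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /account/settings HTTP/1.1" 302 0',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q=csrf HTTP/1.1" 200 2048',
]


def token_in_url(url: str) -> bool:
    """Return True if the URL (or bare path) carries a CSRF-style token in its query string."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return any(name.lower() in CSRF_PARAM_NAMES for name in params)


def audit_access_log(lines):
    """Scan CLF access-log lines and return every request path that exposes a token."""
    leaked = []
    for line in lines:
        # The request line is the first quoted section: "GET /path?x=y HTTP/1.1".
        try:
            request = line.split('"')[1]
            path = request.split(" ")[1]
        except IndexError:
            continue  # malformed line, skip it
        if token_in_url(path):
            leaked.append(path)
    return leaked


def issue_token(session: dict) -> str:
    """Create a per-session token and keep it server-side; the page embeds it in a
    hidden form field (sent in the POST body) or a custom header, never in a link."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def validate_request(session: dict, form: dict, headers: dict) -> bool:
    """Accept the token only from the POST body or the X-CSRF-Token header and
    compare it in constant time against the session copy."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token") or headers.get("X-CSRF-Token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    for path in audit_access_log(SAMPLE_LOG):
        print("token exposed in URL:", path)
    demo_session = {}
    tok = issue_token(demo_session)
    print("body token accepted:", validate_request(demo_session, {"csrf_token": tok}, {}))
```

Running the audit over real access logs gives a quick measure of how widely an affected deployment has already written tokens to disk. On the mitigation side, moving the token out of the URL is the fix; a `Referrer-Policy: strict-origin-when-cross-origin` response header additionally limits what leaks through Referer for any remaining URLs that carry state.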

Summary generated and translated by AI from the official description.

Official description: A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.
