Vulnerabilities > CVE-2022-41207 - Unspecified vulnerability in SAP Biller Direct 635/750

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2022-11-08

Updated: 2024-11-21

Summary

SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Biller Direct 750 SAP Biller Direct 635	2

References

https://launchpad.support.sap.com/#/notes/3238042
https://launchpad.support.sap.com/#/notes/3238042
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html