Impact On Business
Under certain circumstances, an attacker might be able to steal a cookie from the application. It may impact the confidentiality of the service.
Affected Components Description
SAP Solution Manager 7.2
(Check SAP Note 2938650 for detailed information on affected releases)
An open redirect vulnerability exists in the application E2E Trace Analysis in SAP Solution Manager 7.2. The servlet `/E2eTraceGatewayW/E2eTraceServlet` uses current user information to gather logs content stored in the backend server. The attacker can enter a link to a malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.
SAP has released SAP Note 2938650 which provides patched versions of the affected components.
The patches can be downloaded from: https://launchpad.support.sap.com/#/notes/2938650
Onapsis strongly recommends SAP customers to download the related security fixes and apply them to the affected components in order to reduce business risks.
- 04/30/2020 - Onapsis provides details to SAP
- 04/30/2020 - SAP Provides ID: SR-20-00204
- 05/11/2020 - SAP provides update: "Vulnerability in progress"
- 10/12/2020 - SAP provides update: "Fix in progress"
- 12/08/2020 - SAP releases SAP Note fixing the issue. Vulnerability is now closed
- Onapsis Blog Post:https://onapsis.com/blog/sap-security-notes-december-2020
- CVE Mitre:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26836
- Vendor Patch:https://launchpad.support.sap.com/#/notes/2938650
- Public Release Date: 06/14/2021
- Security Advisory ID: ONAPSIS-2021-005
- Vulnerability Submission ID: 857
- Researcher(s): Yvan Genuer
- Vendor: SAP
- Vulnerability Class: |LS|CWE-601|RS| URL Redirection to Untrusted Site
- CVSS v3 score: 3.4 (AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)
- Severity: Low
- CVE: CVE-2020-26836
- Vendor patch Information: SAP Security Note #2938650
ABOUT OUR RESEARCH LABS
Onapsis Research Labs provides the industry analysis of key security issues that impact mission-critical systems and applications.
Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community.
Find all reported vulnerabilities at https://github.com/Onapsis/vulnerability_advisories
This advisory is licensed under a Creative Commons 4.0 BY-ND International License