SAP Solution Manager Open Redirect from Trace Analysis

Impact On Business

Under certain circumstances, an attacker might be able to steal a cookie from the application. It may impact the confidentiality of the service.

Affected Components Description

SAP Solution Manager 7.2

(Check SAP Note 2938650 for detailed information on affected releases)

Vulnerability Details

An open redirect vulnerability exists in the application E2E Trace Analysis in SAP Solution Manager 7.2. The servlet `/E2eTraceGatewayW/E2eTraceServlet` uses current user information to gather logs content stored in the backend server. The attacker can enter a link to a malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.


SAP has released SAP Note 2938650 which provides patched versions of the affected components.

The patches can be downloaded from:

Onapsis strongly recommends SAP customers to download the related security fixes and apply them to the affected components in order to reduce business risks.

Report Timeline

  • 04/30/2020 – Onapsis provides details to SAP
  • 04/30/2020 – SAP Provides ID: SR-20-00204
  • 05/11/2020 – SAP provides update: “Vulnerability in progress”
  • 10/12/2020 – SAP provides update: “Fix in progress”
  • 12/08/2020 – SAP releases SAP Note fixing the issue. Vulnerability is now closed


Advisory Information

  • Public Release Date: 06/14/2021
  • Security Advisory ID: ONAPSIS-2021-005
  • Vulnerability Submission ID: 857
  • Researcher(s): Yvan Genuer

Vulnerability Information

  • Vendor: SAP
  • Vulnerability Class: |LS|CWE-601|RS| URL Redirection to Untrusted Site
  • CVSS v3 score: 3.4 (AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)
  • Severity: Low
  • CVE: CVE-2020-26836
  • Vendor patch Information: SAP Security Note #2938650


Onapsis Research Labs provides the industry analysis of key security issues that impact mission-critical systems and applications.

Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community.

Find all reported vulnerabilities at


This advisory is licensed under a Creative Commons 4.0 BY-ND International License

Ready to eliminate your SAP cyber security blindspot?

Let us show you how simple it can be to protect your business applications.