Description
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.
Affected products
- SAP / business_connectorcore_fix_7
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/18880
- MISChttp://www.securityfocus.com/archive/1/434012/30/4980/threaded
- MISChttp://securitytracker.com/id?1015639
- MISChttp://www.securityfocus.com/bid/16671
- MISChttp://www.securityfocus.com/archive/1/425056/100/0/threaded
- MISChttp://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Phishing_Vector_in_SAP_BC.pdf
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/0611
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/24751