Impact
The open redirect flaw resides in the SAP Approuter's handling of request headers during the OAuth2 login flow. Because incoming headers are not validated correctly, an attacker can create a malicious link that redirects victims to arbitrary URLs. This flaw can be used to facilitate phishing, credential phishing, or unauthorized application access, causing significant breaches of confidentiality and integrity while leaving availability unaffected.
Affected Systems
The vulnerability affects SAP Approuter applications that are deployed with the current OAuth2 configuration. No specific version information is provided, so all releases under the described configurations are potentially impacted.
Risk and Exploitability
The vulnerability has a CVSS score of 8.1, indicating high severity. While the EPSS score is unavailable, the lack of authentication requirement and the ease of crafting a redirect URL make exploitation likely in environments where users interact with external links. The flaw is not listed in the CISA KEV catalog, but its potential for phishing and credential theft poses a serious risk.
OpenCVE Enrichment