CVE-2020-26836 Scanner - Open Redirect vulnerability in SAP Solution Manager

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 16 days 17 hours
Scan only one: URL


SAP Solution Manager is utilized by enterprises to manage and maintain SAP and non-SAP systems. It provides a platform for businesses to oversee system implementations, integrations, and upgrades efficiently. The software plays a critical role in lifecycle management and is widely adopted by organizations relying on SAP solutions. IT professionals and administrators commonly use SAP Solution Manager to ensure system performance and reliability. This management tool assists in application operation, support, and monitoring across various environments. Its comprehensive features make it an essential tool for continued system efficiency and performance.

Open Redirect is a security vulnerability that occurs when a web application accepts a user-supplied URL as input and redirects the user to it without validation. In SAP Solution Manager, this vulnerability allows an attacker to use the system to redirect users to malicious sites. Open Redirect flaws may lead to user phishing and theft of sensitive information if the redirected domain is controlled by malicious parties. This vulnerability can undermine a user's trust in the organization's websites. Although Open Redirects are commonly viewed as low-risk, they can have significant indirect effects on site reputations and user data security.

The technical details of this vulnerability involve the misuse of a logoff endpoint in SAP Solution Manager. Attackers exploit it by inserting a malicious 'redirecturl' parameter, which causes the system to redirect the user to a potentially harmful website. The vulnerability lies in the application's failure to correctly sanitize the redirection URL, thus exposing users to phishing attacks. The lack of restriction or validation of the destination URL is what permits this exploitation. This flaw can allow even unauthenticated attackers to use the vulnerable endpoint as a tool to deploy their social engineering attacks. The issue is identifiable by observing the HTTP response status and headers for redirection.
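The check described in the last sentence above can be run over proxy or web server logs. The following is an added example, not code from the scanner or from SAP: it flags responses whose Location header leaves the requesting host for a destination taken from the 'redirecturl' parameter. The host names, the /logoff path and the trusted-host list are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

PARAM = "redirecturl"                      # parameter name given on this page
REDIRECT_STATUSES = {301, 302, 303, 307, 308}

def target_host(value, request_host):
    """Host a browser would land on for a redirect value, or None if not http(s)."""
    cleaned = value.strip().replace("\\", "/")   # browsers read "\" as "/"
    parts = urlsplit(cleaned)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return None
    # Relative values ("/home") stay on the requesting host; "//host" does not.
    return parts.hostname or request_host

def classify(request_url, status, location, trusted_hosts=()):
    """Label one request/response pair from a proxy or web server log."""
    req = urlsplit(request_url)
    params = {k.lower(): v for k, v in parse_qs(req.query).items()}
    supplied = params.get(PARAM, [])
    if status not in REDIRECT_STATUSES or not location or not supplied:
        return "no-redirect"
    dest = target_host(location, req.hostname)
    allowed = {req.hostname} | {h.lower() for h in trusted_hosts}
    # Only flag redirects whose destination was taken from the parameter.
    reflected = any(target_host(v, req.hostname) == dest for v in supplied)
    return "open-redirect" if reflected and dest not in allowed else "safe-redirect"

# Constructed samples: (request URL, response status, Location header).
BASE = "https://solman.example.com/logoff?redirecturl="   # placeholder path
SAMPLES = [
    (BASE + "https%3A%2F%2Fphish.example%2Flogin", 302, "https://phish.example/login"),
    (BASE + "%2F%2Fphish.example%2Flogin", 302, "//phish.example/login"),
    (BASE + "%2Fhome", 302, "/home"),
    (BASE + "https%3A%2F%2Fsso.example.com%2F", 302, "https://sso.example.com/"),
    (BASE + "https%3A%2F%2Fphish.example%2F", 200, None),
]

def scan(samples, trusted_hosts=("sso.example.com",)):
    """Classify every sample; sso.example.com is an assumed trusted host."""
    return [classify(url, status, loc, trusted_hosts) for url, status, loc in samples]

if __name__ == "__main__":
    for (url, status, loc), verdict in zip(SAMPLES, scan(SAMPLES)):
        print(f"{verdict:14} {status} {loc}")
```

The same host comparison, applied before the redirect is issued rather than after, is the server-side validation the endpoint lacks.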

Exploitation of this vulnerability could lead to users being unknowingly redirected to malicious domains. As a result, there is a risk of sensitive information being disclosed if users are tricked into providing credentials or personal data. Additionally, such redirection can facilitate unauthorized actions or data manipulation within user sessions. The trustworthiness of the organization's digital assets might also be compromised due to potential misuse of their system's redirection capabilities. Furthermore, this vulnerability leaves the organization exposed to potential malicious campaigns that may use the open redirect to amplify phishing or spear-phishing attacks.
