frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 up to and including 7.00 allows remote malicious users to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
Vulnerable Product |
---|
sap sap web application server 6.40 |
sap sap web application server 7.0 |
sap sap web application server 6.10 |
sap sap web application server 6.20 |
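
The request pattern described above can be searched for in web server access logs. The following Python code is an added example, not part of the advisory or of SAP's code; it assumes a combined-format access log, and the function names, paths, hosts and trusted-host allow-list are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def exit_url_host(value):
    """Return the lower-cased host an exit URL points at, or None if it is relative."""
    # Browsers treat backslashes like slashes, so normalise before parsing.
    parts = urlsplit(value.strip().replace("\\", "/"))
    return parts.hostname.lower() if parts.hostname else None

def flag_forced_logout_redirects(lines, trusted_hosts):
    """Return (line_number, host) for frameset.htm requests that close the
    session and send the browser to a host outside trusted_hosts."""
    trusted = {h.lower() for h in trusted_hosts}
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/frameset.htm"):
            continue
        # parse_qs percent-decodes values; names are lower-cased here to be conservative.
        params = {k.lower(): v for k, v in parse_qs(target.query).items()}
        if "close" not in (v.lower() for v in params.get("sap-sessioncmd", [])):
            continue
        for exit_url in params.get("sap-exiturl", []):
            host = exit_url_host(exit_url)
            if host and host not in trusted:
                hits.append((number, host))
    return hits

# Constructed sample log lines; paths and hosts are placeholders, not from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/frameset.htm?sap-sessioncmd=close&sap-exiturl=https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /app/frameset.htm?sap-sessioncmd=close&sap-exiturl=%2Fgoodbye.htm HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /app/frameset.htm?SAP-SessionCmd=CLOSE&sap-exiturl=%2F%2Fcdn.example.org%2Fx HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /app/frameset.htm?sap-sessioncmd=close&sap-exiturl=https%3A%2F%2Fportal.example.com%2Fbye HTTP/1.1" 200 512',
    '192.0.2.14 - - [01/Jan/2024:10:00:15 +0000] "GET /app/index.htm?sap-exiturl=https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, host in flag_forced_logout_redirects(SAMPLE_LOG, {"portal.example.com"}):
        print(f"line {number}: session close with exit to untrusted host {host}")
```

Relative exit URLs and exit URLs on an allow-listed host are not reported, so the output is limited to session closes that hand the browser to another site.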