CVE-2024-21734 LOW

CVE-2024-21734: URL Redirection vulnerability in SAP Marketing (Contacts App)

Vendor Sap_Se

Product SAP Marketing (Contacts App)

Weakness CWE-601 · Open redirect

Published January 9, 2024

Last update November 14, 2024

View on NVD All CVEs

CVSS base score

3.7/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application.

Key dates

02Disclosure timeline

January 9, 2024 CVE published

November 14, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-21734 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/601.html

Related vulnerabilities

CVE-2024-21734: URL Redirection vulnerability in SAP Marketing (Contacts App)

01Description

02Disclosure timeline

03References

04Related CVE