Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Businessobjects_business_intelligence | Sap | 420 (including) | 420 (including) |
Businessobjects_business_intelligence | Sap | 430 (including) | 430 (including) |