Business Server Pages
CVE-2026-24328
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application.
AnalysisAI
Business Server Pages versions up to 740 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).
Technical ContextAI
This vulnerability (CWE-601: URL Redirection to Untrusted Site (Open Redirect)) affects Business Server Pages. SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Share
External POC / Exploit Code
Leaving vuln.today