SAP Knowledge Base Article - Preview

3143650 - The logoff parameter redirecturl is marked as a security vulnerability


Security scans may mark the ICF logoff parameter redirecturl as a security vulnerability. This is because the redirecturl parameter can be used to redirect the victim to a malicious URL.


Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.



  • SAP NetWeaver
  • SAP NetWeaver Application Server for SAP S/4HANA
  • ABAP PLATFORM - Application Server ABAP


ABAP platform all versions ; SAP NetWeaver all versions ; SAP Web Application Server for SAP S/4HANA all versions


ICF, Internet Communication Framework, SICF, Service, Services, ICF service, ICF_GDPR, ICF_STD, ICF logoff service vulnerability, security team, redirectURL, url for redirect, allowlist, http_whitelist, se16, ucon, uconcockpit, logoff service, Trusted Network Zone, entry type 21, ucon_chw, open redirect, vulnerability , KBA , BC-MID-ICF , Internet Communication Framework , BC-MID-ICF-LGN , ICF System Login , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.