Symptom
Security scans may flag the redirecturl parameter of the ICF logoff service as an open-redirect vulnerability, because the redirecturl parameter can be used to send the victim to a malicious URL.
Example:
https://<host>:<port>/sap/public/bc/icf/logoff?redirecturl=https://my.malicious.url
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
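As an added illustration, not code from the SAP KBA, the following Python applies the host-allowlist approach the keywords point to (allowlist / HTTP_WHITELIST) to a redirect target, and triages a logged logoff request like the one above; `ALLOWED_HOSTS` and the hostnames are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Hosts a redirect may target (constructed example values, not an SAP default).
ALLOWED_HOSTS = {"sap.example.com"}

# Path of the ICF logoff service as shown in the symptom above.
LOGOFF_PATH = "/sap/public/bc/icf/logoff"


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only if `target` is a same-site relative path or an https URL
    whose host is on the allowlist. Everything else is treated as external."""
    t = target.strip()
    # Scheme-relative ("//evil") and backslash variants that browsers
    # normalise to "//" would leave the site without a scheme being present.
    if t.startswith(("//", "/\\", "\\")):
        return False
    parts = urlsplit(t)
    if parts.scheme or parts.netloc:
        # Absolute URL (also catches javascript:, data:, userinfo@host tricks):
        # only https to an allowlisted host passes. hostname is lower-cased
        # and excludes any user:pass@ prefix and port.
        return parts.scheme == "https" and parts.hostname in allowed_hosts
    # No scheme and no authority: accept only a plain absolute path.
    return t.startswith("/")


def flag_logoff_request(url: str, allowed_hosts=ALLOWED_HOSTS):
    """Inspect one logoff request URL (e.g. from an access log).
    Returns None if it is not the logoff service, otherwise a list of
    (redirecturl value, is_safe) pairs for scan triage."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(LOGOFF_PATH):
        return None
    # The parameter name is matched case-insensitively (redirecturl / redirectURL).
    params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    targets = params.get("redirecturl", [])
    return [(t, is_safe_redirect(t, allowed_hosts)) for t in targets]


if __name__ == "__main__":
    # Constructed sample based on the KBA's example URL.
    sample = "https://host:443/sap/public/bc/icf/logoff?redirecturl=https://my.malicious.url"
    for target, ok in flag_logoff_request(sample):
        print(f"{target!r}: {'allowed' if ok else 'EXTERNAL - would be flagged'}")
```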
Environment
- SAP NetWeaver
- SAP NetWeaver Application Server for SAP S/4HANA
- ABAP PLATFORM - Application Server ABAP
Keywords
ICF, Internet Communication Framework, SICF, Service, Services, ICF service, ICF_GDPR, ICF_STD, ICF logoff service vulnerability, security team, redirectURL, url for redirect, allowlist, http_whitelist, se16, ucon, uconcockpit, logoff service, Trusted Network Zone, entry type 21, ucon_chw, open redirect, vulnerability, Open-Redirect vulnerability, logoff endpoint, re-direct, sanitize redirection, KBA, BC-MID-ICF, Internet Communication Framework, BC-MID-ICF-LGN, ICF System Login, Problem
About this page
This is a preview of an SAP Knowledge Base Article; the full version is available on SAP for Me (login required).