SAP Knowledge Base Article - Preview

3435724 - Prevent redirects with the logoff parameter redirecturl in Employee Central Payroll


The logoff parameter redirecturl can be used to redirect from an ECP system URL to a malicious URL. That is why security scans may mark the logoff parameter redirecturl as security vulnerability.

Example: https://<host>:<port>/sap/public/bc/icf/logoff?redirecturl=https://my.malicious.url



  • Employee Central Payroll (ECP)


ICF, ICF logoff service vulnerability, redirecturl, HTTP_WHITELIST , KBA , LOD-EC-GCP-PY , Payroll Integration EC to Employee Central Payroll , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.