Symptom
The logoff parameter redirecturl can be used to redirect from an ECP system URL to a malicious URL (an open redirect). That is why security scans may flag the logoff parameter redirecturl as a security vulnerability.
Example: https://<host>:<port>/sap/public/bc/icf/logoff?redirecturl=https://my.malicious.url
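The defensive check this KBA points at (restricting redirecturl to trusted hosts, the role the HTTP_WHITELIST keyword refers to) is illustrated below with an added Python example; it is not SAP's own code, and the allowlisted host names and the exact-host matching rule are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed allowlist standing in for the trusted redirect targets an
# administrator would maintain (assumption: exact host match, https only).
ALLOWED_REDIRECT_HOSTS = {"portal.example.com", "ecp.example.com"}


def is_safe_redirect(redirecturl: str) -> bool:
    """Return True only if redirecturl may be honoured after logoff.

    Same-origin relative paths ("/sap/...") are accepted. Anything else must
    be an https URL whose host is on the allowlist. Scheme-relative URLs
    ("//evil.example") and userinfo tricks ("https://ecp.example.com@evil.example")
    are rejected: the former has no https scheme, and for the latter
    urlsplit().hostname yields the part after "@", which is not allowlisted.
    """
    raw = redirecturl.strip()
    parts = urlsplit(raw)
    if not parts.scheme and not parts.netloc:
        # Relative path: allow "/path" but not "//host/path".
        return raw.startswith("/") and not raw.startswith("//")
    if parts.scheme.lower() != "https":
        return False
    host = (parts.hostname or "").lower()
    return host in ALLOWED_REDIRECT_HOSTS and "@" not in parts.netloc


def check_logoff_request(url: str) -> dict:
    """Extract redirecturl from a logoff request URL and give a verdict."""
    query = parse_qs(urlsplit(url).query)
    target = query.get("redirecturl", [None])[0]
    if target is None:
        return {"target": None, "allowed": True}  # no redirect requested
    return {"target": target, "allowed": is_safe_redirect(target)}


if __name__ == "__main__":
    # Constructed request shaped like the KBA's example (placeholder host).
    sample = ("https://ecp.example.com:443/sap/public/bc/icf/logoff"
              "?redirecturl=https://my.malicious.url")
    print(check_logoff_request(sample))
```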
Environment
SAP SuccessFactors Employee Central Payroll
Product
Keywords
ICF, ICF logoff service vulnerability, redirecturl, HTTP_WHITELIST, KBA, LOD-EC-ECP-PY, Payroll Integration EC to Employee Central Payroll, LOD-EC-ECP-SF, Employee Central Payroll functionality part of SF, Problem
SAP Knowledge Base Article - Preview