Brother
A vulnerability in BMW's systems allows phishing campaigns to be conducted against the company's customers.
Cybernews specialists identified two subdomains of BMW that were affected by a vulnerability that allowed attackers to redirect users to malicious sites. The vulnerability, called SAP Redirect, affected SAP web application servers (SAP NetWeaver Application Server Java) and allowed fake links to malicious sites to be generated through BMW subdomains.
The SAP redirect vulnerability allows a cybercriminal to fake a redirect link by adding a string to subdomains:
«sap/public/bc/icf/logoff?redirecturl=https://maliciouswebsite[.]com»
The final URL will look like this:
«https://<...>.bmw[.]com/sap/public/bc/icf/logoff?redirecturl=https://maliciouswebsite[.]com»
Two vulnerable BMW subsystems were used to access the internal systems of BMW dealers. Exploiting the flaw could lead to targeted phishing or malware distribution. The vulnerability allowed attackers to redirect the user to a malicious site or embed arbitrary content on a legitimate site by manipulating the URL parameters of the affected SAP system.
The flaw is not critical, but it opens up many opportunities for phishers targeting employees or customers of the company. For example, an attacker could send an email purporting to come from management and asking the recipient to take an action. If the user opens the link and enters their credentials, attackers can gain access to the systems to distribute ransomware or for other purposes. The vulnerability can also be used for mass phishing campaigns aimed at customers.
Attackers could have used the flaw to steal credentials or distribute malware to unsuspecting users. When a victim clicks on a seemingly legitimate link, they are redirected to the attacker's site. At this point, malicious JavaScript is executed in the client's browser or the user is prompted to enter confidential information.
After the vulnerability was discovered, Cybernews researchers reported it to BMW, and it was promptly fixed. BMW noted that the now-eliminated vulnerability did not compromise the systems associated with the BMW Group, and that there was no leakage or misuse of any data. A BMW representative assured that information security is a priority for the BMW Group. According to the company, the BMW Group uses multi-level security controls when accessing internal systems.
To prevent SAP Redirect vulnerabilities, Cybernews recommends applying SAP patches, following secure coding practices, and regularly conducting security assessments to identify and prevent vulnerabilities. Users should also be careful when clicking on links, even if the domain looks legitimate.
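The article names the parameter (redirecturl) and the ICF logoff path but does not show what a proper check looks like, so here is an added example written for this post; it is not code from Cybernews, BMW or SAP. It does two things a defender would want: a server-side validator that accepts a redirect target only if it is a same-site relative path or an absolute URL whose host is on an allow-list (rejecting protocol-relative `//host`, backslash and `https:host` scheme tricks, and `user@host` confusion), and a small log scanner that runs that validator over the redirecturl values found in web-server access lines. The allow-listed hosts (`*.bmw.test`) and the access-log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed allow-list: hosts a redirect is permitted to land on. A real
# deployment would list the organisation's own portal/dealer hostnames.
ALLOWED_HOSTS = {"portal.bmw.test", "dealer.bmw.test"}

# The query parameter named in the article for the SAP ICF logoff handler.
REDIRECT_PARAMS = ("redirecturl",)


def redirect_target(url_or_path):
    """Return the first redirect parameter value found in the query string, or None."""
    qs = parse_qs(urlsplit(url_or_path).query)
    for name in REDIRECT_PARAMS:
        if name in qs:
            return qs[name][0]
    return None


def is_safe_redirect(target):
    """Server-side validation to run before issuing a 302 to `target`.

    Accepts only:
      * a same-site relative path beginning with a single "/" (not "//" or "/\\",
        which browsers treat as protocol-relative or normalise to "//"), or
      * an absolute http(s) URL whose parsed hostname is on ALLOWED_HOSTS.
    Everything else (javascript:/data: schemes, "https:evil.test" without
    "//", userinfo tricks such as "https://portal.bmw.test@evil.test") is rejected.
    """
    if not target:
        return False
    if target.startswith("/"):
        return not target.startswith(("//", "/\\"))
    parts = urlsplit(target)
    if parts.scheme.lower() not in ("http", "https"):
        return False
    if not parts.netloc:
        # "https:evil.test" parses with an empty netloc here but many browsers
        # still treat it as an absolute URL, so refuse it outright.
        return False
    return (parts.hostname or "").lower() in ALLOWED_HOSTS


# Request line extractor for common/combined access-log format.
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def find_redirect_abuse(log_lines):
    """Return redirect targets in the given access-log lines that fail validation."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        target = redirect_target(m.group(1))
        if target is not None and not is_safe_redirect(target):
            hits.append(target)
    return hits


# Constructed sample access-log lines (not real BMW traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /sap/public/bc/icf/logoff?redirecturl=/sap/bc/gui/sap/its/webgui HTTP/1.1" 302 0',
    '10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /sap/public/bc/icf/logoff?redirecturl=https://maliciouswebsite.test/login HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /sap/public/bc/icf/logoff?redirecturl=//maliciouswebsite.test HTTP/1.1" 302 0',
    '10.0.0.8 - - [01/Jan/2024:10:00:03 +0000] "GET /sap/public/bc/icf/logoff?redirecturl=https://portal.bmw.test/home HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for target in find_redirect_abuse(SAMPLE_LOG):
        print("suspicious redirect target:", target)
```

Run on the constructed log it reports only the two off-site targets; the in-site relative path and the allow-listed portal host pass. The validator deliberately compares the parsed hostname rather than doing a string "startswith" on the URL, which is the usual mistake behind open-redirect bypasses.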