CVE-2022-41273: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in SAP Sourcing and SAP Contract Lifecycle Management
Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the attacker sends an email to the victim with a manipulated link that appears to be a legitimate SAP Sourcing URL. Since the victim doesn't suspect the threat, they click on the link, log in to SAP Sourcing and CLM, and at this point they get redirected to a malicious website.
AI Analysis
Technical Summary
CVE-2022-41273 is a medium-severity vulnerability classified under CWE-601, known as 'URL Redirection to Untrusted Site' or 'Open Redirect', affecting SAP Sourcing and SAP Contract Lifecycle Management (CLM) version 1100. The root cause of this vulnerability lies in improper input sanitization within these SAP products, which allows an attacker to craft malicious URLs that appear legitimate to end users. Specifically, an attacker can send a phishing email containing a manipulated link that looks like a valid SAP Sourcing URL. When the victim clicks the link and logs into the SAP Sourcing or CLM system, they are subsequently redirected to a malicious external website controlled by the attacker. This redirection can facilitate various attack scenarios including credential theft, session hijacking, or delivery of malware, as users are unlikely to suspect the threat due to the initial legitimate appearance of the URL. The vulnerability does not require prior authentication or user privileges beyond the victim clicking the link and logging in. There are no known exploits in the wild reported to date, and no official patches have been linked in the provided information, though SAP typically issues security notes or patches for such vulnerabilities. The attack vector is primarily social engineering combined with the technical flaw in URL validation, making user awareness a critical factor in exploitation. The vulnerability affects only version 1100 of the SAP Sourcing and CLM products, which are enterprise-grade procurement and contract management solutions widely used in large organizations for managing sourcing processes and contract lifecycles.
Potential Impact
For European organizations, the impact of CVE-2022-41273 can be significant, especially for those relying on SAP Sourcing and CLM for critical procurement and contract management operations. Successful exploitation can lead to users being redirected to malicious sites that may harvest credentials or deliver malware, potentially compromising user accounts and sensitive business data. This can result in unauthorized access to procurement workflows, contract details, and supplier information, undermining confidentiality and integrity. Additionally, if attackers leverage this redirection to deploy malware or conduct further phishing campaigns, it could lead to broader network compromise or data breaches. Given the strategic importance of procurement and contract management in supply chain security and regulatory compliance (e.g., GDPR), such a vulnerability could disrupt business operations, cause financial losses, and damage reputations. The social engineering aspect increases the risk since users may be deceived despite existing security controls. However, the vulnerability does not directly allow remote code execution or system takeover, limiting the scope to user session compromise and phishing facilitation. The absence of known active exploits reduces immediate risk but does not eliminate the threat, especially as attackers often weaponize open redirects in targeted campaigns.
Mitigation Recommendations
To mitigate CVE-2022-41273 effectively, European organizations should implement a multi-layered approach beyond generic patching advice. First, verify with SAP the availability of official patches or security notes addressing this vulnerability and apply them promptly. If patches are not yet available, consider implementing web application firewall (WAF) rules to detect and block suspicious URL parameters that could trigger open redirects. Enhance email security by deploying advanced phishing detection and URL rewriting solutions that can identify and quarantine emails containing suspicious SAP URLs. Conduct targeted user awareness training focusing on recognizing phishing attempts involving legitimate-looking URLs and the risks of clicking links before verifying authenticity. Implement strict URL validation and sanitization on any custom integrations or extensions interfacing with SAP Sourcing and CLM to prevent exploitation of similar flaws. Monitor logs for unusual redirection patterns or spikes in failed login attempts following redirections. Additionally, enforce multi-factor authentication (MFA) on SAP Sourcing and CLM user accounts to reduce the impact of credential theft. Finally, segment SAP systems within the network to limit lateral movement if user credentials are compromised.
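As an added illustration of the "strict URL validation and sanitization" recommendation above (example code written for this page, not SAP's code and not a published fix for CVE-2022-41273), the following Python places the unchecked-redirect pattern behind CWE-601 next to an allowlist-based validator of the kind a custom login front end or integration would apply to a return-URL parameter. The hostnames in ALLOWED_HOSTS, the DEFAULT_LANDING path and the sample inputs are assumed placeholders, not values from the affected product.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumed placeholders: the hostnames this deployment may send users to after
# login, and the page to fall back to when a return URL is rejected.
ALLOWED_HOSTS = {"sourcing.example.com", "clm.example.com"}
DEFAULT_LANDING = "/home"


def vulnerable_redirect_target(return_url: str) -> str:
    """The CWE-601 pattern: the post-login destination is taken from the
    request unchanged, so a crafted link can name any external site."""
    return return_url


def safe_redirect_target(return_url, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_LANDING):
    """Return a destination that is either a same-site path or an http(s) URL
    whose host is on the allowlist; anything else falls back to `default`.
    Handles the usual bypasses of naive prefix checks: protocol-relative
    URLs, backslash tricks, userinfo ('host@evil'), non-web schemes and
    embedded control characters."""
    if not return_url:
        return default
    # Browsers treat a backslash like a forward slash, so normalise it first.
    candidate = return_url.strip().replace("\\", "/")
    # Control characters (tab, newline, ...) can hide a scheme from naive
    # string checks; refuse them outright rather than trying to clean them.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return default
    parts = urlsplit(candidate)
    if parts.scheme:
        # Absolute URL: only http/https, and only allowlisted hosts.
        if parts.scheme.lower() not in ("http", "https"):
            return default
        host = parts.hostname          # lowercased; userinfo and port removed
        if host is None or host not in allowed_hosts:
            return default
        try:
            port = parts.port           # raises ValueError for a garbage port
        except ValueError:
            return default
        netloc = host if port is None else f"{host}:{port}"
        # Rebuild from the validated pieces so userinfo never survives.
        return urlunsplit((parts.scheme.lower(), netloc, parts.path or "/",
                           parts.query, parts.fragment))
    if parts.netloc:
        # Scheme-less but with an authority, i.e. '//evil.example/...'.
        return default
    # Relative target: exactly one leading slash, so it stays on this site.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


# Constructed sample inputs of the kind a login front end might receive.
SAMPLE_RETURN_URLS = [
    "/app/contracts?id=7",
    "https://clm.example.com/portal",
    "https://evil.example/login",
    "//evil.example/login",
    "/\\evil.example",
    "https://sourcing.example.com@evil.example/",
    "javascript:alert(1)",
    "",
]


def evaluate_samples():
    """Map each constructed input to the destination the hardened check allows."""
    return {u: safe_redirect_target(u) for u in SAMPLE_RETURN_URLS}


if __name__ == "__main__":
    for url, dest in evaluate_samples().items():
        print(f"{url!r:50} -> {dest}")
```

The validator rebuilds the destination from parsed components instead of returning the original string, which is what stops the userinfo and backslash variants; a check that merely looks for a trusted prefix or substring in the raw parameter would pass several of the sample inputs. The same allowlist idea can be expressed as a WAF rule that rejects return-URL parameters whose host is not on the list, which is the second recommendation in the paragraph above.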
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: sap
- Date Reserved: 2022-09-21T16:20:14.951Z
- CISA Enriched: true
Threat ID: 682d984ac4522896dcbf77cc
Added to database: 5/21/2025, 9:09:30 AM
Last enriched: 6/21/2025, 4:36:05 PM
Last updated: 7/26/2025, 1:25:02 AM
Views: 10
Related Threats
- CVE-2025-55159: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer in tokio-rs slab (Medium)
- CVE-2025-55161: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF (High)
- CVE-2025-25235: CWE-918 Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (High)
- CVE-2025-55151: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF (High)
- CVE-2025-55150: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF (High)