Search criteria
12 vulnerabilities found for business_client by sap
FKIE_CVE-2021-38150
Vulnerability from fkie_nvd - Published: 2021-09-14 12:15 - Updated: 2025-05-27 16:49
Severity ?
Summary
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4DCC2591-B6DC-4400-9232-0F8646CEA27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "E9BB1D96-1EC8-4799-9C8A-9E48C9A4F762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level10:*:*:*:*:*:*",
"matchCriteriaId": "2E6FBF7F-2837-4EDF-AF90-EA34E915DA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level11:*:*:*:*:*:*",
"matchCriteriaId": "7BE4ABDD-34A2-4E4B-B5C3-5928FA7CAF6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level12:*:*:*:*:*:*",
"matchCriteriaId": "B359B4DF-DA66-411D-84A3-269288A966B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level13:*:*:*:*:*:*",
"matchCriteriaId": "E21CF0CE-75F5-4BF9-8817-2441C0C3EB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level14:*:*:*:*:*:*",
"matchCriteriaId": "1B4FE977-F393-4D2C-90BE-7BD31E1A8A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level15:*:*:*:*:*:*",
"matchCriteriaId": "59416C9F-ED79-4A98-9F2D-35CA023FF657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level16:*:*:*:*:*:*",
"matchCriteriaId": "DCE4C725-C055-40B5-8557-4379F3BBAF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level17:*:*:*:*:*:*",
"matchCriteriaId": "ABBC083A-A8F0-4F11-AE4B-20338C2E844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "A24B1283-F7DE-4190-9A46-9DE6A7B01CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "712154F8-A74C-4EBD-9B23-42446ABD58BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "185083BD-7975-4119-A79D-6FED53B761C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "803E4E68-9A63-4AC3-91F9-69170A1A50B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "77B2B1FA-CEFE-4488-A461-A461C042DBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level7:*:*:*:*:*:*",
"matchCriteriaId": "263EB3B6-A4C7-4E46-A330-2724DA293614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level8:*:*:*:*:*:*",
"matchCriteriaId": "08453B8F-81CA-4C61-91AB-FDE36B8C569E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level9:*:*:*:*:*:*",
"matchCriteriaId": "9FDBADC6-459B-4F28-BB1C-E1B35F3EE29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "D3017250-3230-49D8-A99F-E51B1FAA765B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "8458AB93-04B9-412F-8005-E83D2E0AB371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level10:*:*:*:*:*:*",
"matchCriteriaId": "867C19C8-8C54-46FE-B86B-CC4F6D889CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level11:*:*:*:*:*:*",
"matchCriteriaId": "4F6F91C1-4C10-46FE-B504-3CBFE321DBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level12:*:*:*:*:*:*",
"matchCriteriaId": "ACF0B13B-39A0-49CC-9CE9-D1976D4D0293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level13:*:*:*:*:*:*",
"matchCriteriaId": "E4CE7BCC-1544-4648-96C3-1EC673404664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level14:*:*:*:*:*:*",
"matchCriteriaId": "4632251A-3329-469A-93A6-10DE0F6FA37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level15:*:*:*:*:*:*",
"matchCriteriaId": "E8F004FD-6319-4C72-AECB-CD902E112AD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level16:*:*:*:*:*:*",
"matchCriteriaId": "AE44C3F8-EA51-44C4-AE43-CB41842789AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level17:*:*:*:*:*:*",
"matchCriteriaId": "1EB8DE0F-4F1A-4716-91D7-57227962B1AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level18:*:*:*:*:*:*",
"matchCriteriaId": "40A7D341-021C-48DC-BA28-97A58D0099CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level19:*:*:*:*:*:*",
"matchCriteriaId": "C2DEBA9F-AD62-4DF6-8EA8-BB5C9068D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "2816D81F-3EC1-4601-BB63-87DA36513D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level20:*:*:*:*:*:*",
"matchCriteriaId": "49FFB8DA-61BB-421A-94DA-52A508E5A258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level21:*:*:*:*:*:*",
"matchCriteriaId": "C3B6C564-3819-48A9-8E78-76297D0FEED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level22:*:*:*:*:*:*",
"matchCriteriaId": "525CD7C5-BE22-4EBF-B5B5-74B155869BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "95283C24-58A1-4413-B961-15D3302AE7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "DCF8C247-57B8-4F98-B35D-BC6BB967F89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "BFFA9F1A-D738-4CF8-B3FE-9F00B69BC939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "FC7279CA-2239-4E25-95DE-4397F880A140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level7:*:*:*:*:*:*",
"matchCriteriaId": "7FC01169-4207-425D-B198-9935687FF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level8:*:*:*:*:*:*",
"matchCriteriaId": "23F7E156-EC15-4474-A23B-E24D6BFDA1BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level9:*:*:*:*:*:*",
"matchCriteriaId": "4809209D-7FAE-431E-B266-A8571F327A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "874B3392-3FB6-4ED9-8F77-E8AA39102BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "F965EF21-3DB6-4E38-B851-649A286D2F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level10:*:*:*:*:*:*",
"matchCriteriaId": "56319E10-B2F0-4639-B95A-AEF54E4DDD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level11:*:*:*:*:*:*",
"matchCriteriaId": "8A529A79-7F6C-4B92-B225-FA81A7949808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level12:*:*:*:*:*:*",
"matchCriteriaId": "F3AD3029-D5E4-4487-8E55-9A1F31746390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level13:*:*:*:*:*:*",
"matchCriteriaId": "25F3694D-BC75-4535-B633-A9D4A1ED4E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level14:*:*:*:*:*:*",
"matchCriteriaId": "C7F33A02-31C1-45B0-BF8D-CC610EC26DC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level15:*:*:*:*:*:*",
"matchCriteriaId": "06B67379-7714-4476-8168-CB9FB71B4737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level16:*:*:*:*:*:*",
"matchCriteriaId": "30BD9F7D-5C5C-4F0E-9408-50F7F42D00F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level17:*:*:*:*:*:*",
"matchCriteriaId": "1AAB49BA-168D-4A47-BA33-B35ECC9200F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level18:*:*:*:*:*:*",
"matchCriteriaId": "8A659093-E599-4509-92ED-C0E11AC4A08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level19:*:*:*:*:*:*",
"matchCriteriaId": "36562B9B-86C2-4574-A41B-13F867E7E79F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "59F59D6D-37FD-485B-A857-6BB17FACA21D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level20:*:*:*:*:*:*",
"matchCriteriaId": "843DF75B-85A8-4932-A592-CDB7B2E69871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "069CB609-C2CE-425C-B704-41617D02FD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "09E44F60-1661-4497-AFFE-DCF59F12365C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "F05E3BFA-535D-4BEE-B235-A6F03833005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "144DC09D-5D4B-4257-A7F0-90B6D50E13D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level7:*:*:*:*:*:*",
"matchCriteriaId": "9DE1B4C1-BD1C-413A-88FF-65D068AEB5E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level8:*:*:*:*:*:*",
"matchCriteriaId": "D2A5CAFF-093F-413F-8CAF-DD2B25D6F0FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level9:*:*:*:*:*:*",
"matchCriteriaId": "020153C8-32A7-418A-A8FF-DD9E195BA37E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.70:-:*:*:*:*:*:*",
"matchCriteriaId": "1DC495C8-1E74-4033-9115-D8E55118FC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.70:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "232AFB3D-83F9-4EC3-A965-070C94A6DF27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.70:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "10FB3557-34F1-49E7-ABCB-B2C345139279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.70:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "2990665F-89FA-4DCA-B995-CEB697F6C517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.70:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "31EA75D0-8BFD-4445-8B4A-1BC3E9217333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.70:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "B5DEAB61-3708-4171-ADC4-96A657A3CB9D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid."
},
{
"lang": "es",
"value": "Cuando un atacante consigue acceder a la memoria local, o al volcado de memoria de una v\u00edctima, por ejemplo mediante un ataque de ingenier\u00eda social, SAP Business Client versiones - 7.0, 7.70, le permitir\u00e1n leer datos extremadamente confidenciales, como las credenciales. Esto permitir\u00eda al atacante comprometer el backend correspondiente para el que las credenciales son v\u00e1lidas"
}
],
"id": "CVE-2021-38150",
"lastModified": "2025-05-27T16:49:57.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 4.0,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-14T12:15:10.503",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3060621"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3060621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-6244
Vulnerability from fkie_nvd - Published: 2020-05-12 18:15 - Updated: 2025-05-27 16:50
Severity ?
Summary
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4DCC2591-B6DC-4400-9232-0F8646CEA27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "E9BB1D96-1EC8-4799-9C8A-9E48C9A4F762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level10:*:*:*:*:*:*",
"matchCriteriaId": "2E6FBF7F-2837-4EDF-AF90-EA34E915DA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level11:*:*:*:*:*:*",
"matchCriteriaId": "7BE4ABDD-34A2-4E4B-B5C3-5928FA7CAF6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level12:*:*:*:*:*:*",
"matchCriteriaId": "B359B4DF-DA66-411D-84A3-269288A966B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level13:*:*:*:*:*:*",
"matchCriteriaId": "E21CF0CE-75F5-4BF9-8817-2441C0C3EB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level14:*:*:*:*:*:*",
"matchCriteriaId": "1B4FE977-F393-4D2C-90BE-7BD31E1A8A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level15:*:*:*:*:*:*",
"matchCriteriaId": "59416C9F-ED79-4A98-9F2D-35CA023FF657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level16:*:*:*:*:*:*",
"matchCriteriaId": "DCE4C725-C055-40B5-8557-4379F3BBAF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level17:*:*:*:*:*:*",
"matchCriteriaId": "ABBC083A-A8F0-4F11-AE4B-20338C2E844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "A24B1283-F7DE-4190-9A46-9DE6A7B01CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "712154F8-A74C-4EBD-9B23-42446ABD58BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "185083BD-7975-4119-A79D-6FED53B761C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "803E4E68-9A63-4AC3-91F9-69170A1A50B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "77B2B1FA-CEFE-4488-A461-A461C042DBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level7:*:*:*:*:*:*",
"matchCriteriaId": "263EB3B6-A4C7-4E46-A330-2724DA293614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level8:*:*:*:*:*:*",
"matchCriteriaId": "08453B8F-81CA-4C61-91AB-FDE36B8C569E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level9:*:*:*:*:*:*",
"matchCriteriaId": "9FDBADC6-459B-4F28-BB1C-E1B35F3EE29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "D3017250-3230-49D8-A99F-E51B1FAA765B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "8458AB93-04B9-412F-8005-E83D2E0AB371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level10:*:*:*:*:*:*",
"matchCriteriaId": "867C19C8-8C54-46FE-B86B-CC4F6D889CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level11:*:*:*:*:*:*",
"matchCriteriaId": "4F6F91C1-4C10-46FE-B504-3CBFE321DBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level12:*:*:*:*:*:*",
"matchCriteriaId": "ACF0B13B-39A0-49CC-9CE9-D1976D4D0293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level13:*:*:*:*:*:*",
"matchCriteriaId": "E4CE7BCC-1544-4648-96C3-1EC673404664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level14:*:*:*:*:*:*",
"matchCriteriaId": "4632251A-3329-469A-93A6-10DE0F6FA37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level15:*:*:*:*:*:*",
"matchCriteriaId": "E8F004FD-6319-4C72-AECB-CD902E112AD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level16:*:*:*:*:*:*",
"matchCriteriaId": "AE44C3F8-EA51-44C4-AE43-CB41842789AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level17:*:*:*:*:*:*",
"matchCriteriaId": "1EB8DE0F-4F1A-4716-91D7-57227962B1AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level18:*:*:*:*:*:*",
"matchCriteriaId": "40A7D341-021C-48DC-BA28-97A58D0099CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level19:*:*:*:*:*:*",
"matchCriteriaId": "C2DEBA9F-AD62-4DF6-8EA8-BB5C9068D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "2816D81F-3EC1-4601-BB63-87DA36513D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level20:*:*:*:*:*:*",
"matchCriteriaId": "49FFB8DA-61BB-421A-94DA-52A508E5A258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level21:*:*:*:*:*:*",
"matchCriteriaId": "C3B6C564-3819-48A9-8E78-76297D0FEED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level22:*:*:*:*:*:*",
"matchCriteriaId": "525CD7C5-BE22-4EBF-B5B5-74B155869BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "95283C24-58A1-4413-B961-15D3302AE7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "DCF8C247-57B8-4F98-B35D-BC6BB967F89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "BFFA9F1A-D738-4CF8-B3FE-9F00B69BC939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "FC7279CA-2239-4E25-95DE-4397F880A140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level7:*:*:*:*:*:*",
"matchCriteriaId": "7FC01169-4207-425D-B198-9935687FF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level8:*:*:*:*:*:*",
"matchCriteriaId": "23F7E156-EC15-4474-A23B-E24D6BFDA1BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level9:*:*:*:*:*:*",
"matchCriteriaId": "4809209D-7FAE-431E-B266-A8571F327A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "874B3392-3FB6-4ED9-8F77-E8AA39102BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "F965EF21-3DB6-4E38-B851-649A286D2F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "59F59D6D-37FD-485B-A857-6BB17FACA21D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "069CB609-C2CE-425C-B704-41617D02FD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "09E44F60-1661-4497-AFFE-DCF59F12365C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "F05E3BFA-535D-4BEE-B235-A6F03833005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "144DC09D-5D4B-4257-A7F0-90B6D50E13D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level7:*:*:*:*:*:*",
"matchCriteriaId": "9DE1B4C1-BD1C-413A-88FF-65D068AEB5E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level8:*:*:*:*:*:*",
"matchCriteriaId": "D2A5CAFF-093F-413F-8CAF-DD2B25D6F0FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level9:*:*:*:*:*:*",
"matchCriteriaId": "020153C8-32A7-418A-A8FF-DD9E195BA37E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application."
},
{
"lang": "es",
"value": "SAP Business Client, versi\u00f3n 7.0, permite a un atacante, despu\u00e9s de un ataque exitoso de ingenier\u00eda social, inyectar c\u00f3digo malicioso ya que un archivo DLL en directorios no confiables puede ser ejecutado por la aplicaci\u00f3n, debido a un elemento de ruta de b\u00fasqueda no controlada. Un atacante podr\u00eda de este modo controlar el comportamiento de la aplicaci\u00f3n."
}
],
"id": "CVE-2020-6244",
"lastModified": "2025-05-27T16:50:33.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-12T18:15:13.973",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/2911801"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/2911801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "cna@sap.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-6228
Vulnerability from fkie_nvd - Published: 2020-04-14 19:15 - Updated: 2025-05-27 16:51
Severity ?
Summary
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.
References
| URL | Tags | ||
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2866752 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2866752 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4DCC2591-B6DC-4400-9232-0F8646CEA27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "E9BB1D96-1EC8-4799-9C8A-9E48C9A4F762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level10:*:*:*:*:*:*",
"matchCriteriaId": "2E6FBF7F-2837-4EDF-AF90-EA34E915DA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level11:*:*:*:*:*:*",
"matchCriteriaId": "7BE4ABDD-34A2-4E4B-B5C3-5928FA7CAF6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level12:*:*:*:*:*:*",
"matchCriteriaId": "B359B4DF-DA66-411D-84A3-269288A966B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level13:*:*:*:*:*:*",
"matchCriteriaId": "E21CF0CE-75F5-4BF9-8817-2441C0C3EB86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level14:*:*:*:*:*:*",
"matchCriteriaId": "1B4FE977-F393-4D2C-90BE-7BD31E1A8A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level15:*:*:*:*:*:*",
"matchCriteriaId": "59416C9F-ED79-4A98-9F2D-35CA023FF657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level16:*:*:*:*:*:*",
"matchCriteriaId": "DCE4C725-C055-40B5-8557-4379F3BBAF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level17:*:*:*:*:*:*",
"matchCriteriaId": "ABBC083A-A8F0-4F11-AE4B-20338C2E844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "A24B1283-F7DE-4190-9A46-9DE6A7B01CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "712154F8-A74C-4EBD-9B23-42446ABD58BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "185083BD-7975-4119-A79D-6FED53B761C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "803E4E68-9A63-4AC3-91F9-69170A1A50B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "77B2B1FA-CEFE-4488-A461-A461C042DBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level7:*:*:*:*:*:*",
"matchCriteriaId": "263EB3B6-A4C7-4E46-A330-2724DA293614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level8:*:*:*:*:*:*",
"matchCriteriaId": "08453B8F-81CA-4C61-91AB-FDE36B8C569E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.0:patch_level9:*:*:*:*:*:*",
"matchCriteriaId": "9FDBADC6-459B-4F28-BB1C-E1B35F3EE29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "D3017250-3230-49D8-A99F-E51B1FAA765B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "8458AB93-04B9-412F-8005-E83D2E0AB371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level10:*:*:*:*:*:*",
"matchCriteriaId": "867C19C8-8C54-46FE-B86B-CC4F6D889CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level11:*:*:*:*:*:*",
"matchCriteriaId": "4F6F91C1-4C10-46FE-B504-3CBFE321DBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level12:*:*:*:*:*:*",
"matchCriteriaId": "ACF0B13B-39A0-49CC-9CE9-D1976D4D0293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level13:*:*:*:*:*:*",
"matchCriteriaId": "E4CE7BCC-1544-4648-96C3-1EC673404664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level14:*:*:*:*:*:*",
"matchCriteriaId": "4632251A-3329-469A-93A6-10DE0F6FA37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level15:*:*:*:*:*:*",
"matchCriteriaId": "E8F004FD-6319-4C72-AECB-CD902E112AD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level16:*:*:*:*:*:*",
"matchCriteriaId": "AE44C3F8-EA51-44C4-AE43-CB41842789AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level17:*:*:*:*:*:*",
"matchCriteriaId": "1EB8DE0F-4F1A-4716-91D7-57227962B1AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level18:*:*:*:*:*:*",
"matchCriteriaId": "40A7D341-021C-48DC-BA28-97A58D0099CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level19:*:*:*:*:*:*",
"matchCriteriaId": "C2DEBA9F-AD62-4DF6-8EA8-BB5C9068D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "2816D81F-3EC1-4601-BB63-87DA36513D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "95283C24-58A1-4413-B961-15D3302AE7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "DCF8C247-57B8-4F98-B35D-BC6BB967F89E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "BFFA9F1A-D738-4CF8-B3FE-9F00B69BC939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "FC7279CA-2239-4E25-95DE-4397F880A140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level7:*:*:*:*:*:*",
"matchCriteriaId": "7FC01169-4207-425D-B198-9935687FF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level8:*:*:*:*:*:*",
"matchCriteriaId": "23F7E156-EC15-4474-A23B-E24D6BFDA1BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level9:*:*:*:*:*:*",
"matchCriteriaId": "4809209D-7FAE-431E-B266-A8571F327A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "874B3392-3FB6-4ED9-8F77-E8AA39102BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "F965EF21-3DB6-4E38-B851-649A286D2F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "59F59D6D-37FD-485B-A857-6BB17FACA21D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "069CB609-C2CE-425C-B704-41617D02FD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "09E44F60-1661-4497-AFFE-DCF59F12365C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "F05E3BFA-535D-4BEE-B235-A6F03833005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:7.0:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "144DC09D-5D4B-4257-A7F0-90B6D50E13D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer."
},
{
"lang": "es",
"value": "SAP Business Client, versiones 6.5, 7.0, no lleva a cabo las comprobaciones de integridad necesarias que podr\u00edan ser explotadas por un atacante bajo determinadas condiciones para modificar el instalador."
}
],
"id": "CVE-2020-6228",
"lastModified": "2025-05-27T16:51:05.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-14T19:15:17.750",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2866752"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2866752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-2398
Vulnerability from fkie_nvd - Published: 2018-03-14 19:29 - Updated: 2025-05-27 16:51
Severity ?
Summary
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.
References
| URL | Tags | ||
|---|---|---|---|
| cna@sap.com | http://www.securityfocus.com/bid/103370 | Third Party Advisory, VDB Entry | |
| cna@sap.com | https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/ | Vendor Advisory | |
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2580967 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103370 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2580967 | Permissions Required |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | business_client | 6.5 | |
| sap | business_client | 6.5 | |
| sap | business_client | 6.5 | |
| sap | business_client | 6.5 | |
| sap | business_client | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "D3017250-3230-49D8-A99F-E51B1FAA765B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "8458AB93-04B9-412F-8005-E83D2E0AB371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "2816D81F-3EC1-4601-BB63-87DA36513D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "95283C24-58A1-4413-B961-15D3302AE7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:business_client:6.5:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "DCF8C247-57B8-4F98-B35D-BC6BB967F89E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted."
},
{
"lang": "es",
"value": "En ciertas condiciones, SAP Business Client 6.5 permite que un atacante acceda a informaci\u00f3n que normalmente estar\u00eda restringida."
}
],
"id": "CVE-2018-2398",
"lastModified": "2025-05-27T16:51:26.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 4.7,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T19:29:00.313",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103370"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/2580967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/2580967"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-38150 (GCVE-0-2021-38150)
Vulnerability from cvelistv5 – Published: 2021-09-14 11:14 – Updated: 2024-08-04 01:37
VLAI?
Summary
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.
Severity ?
6.1 (Medium)
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP Business Client |
Affected:
< 7.0
Affected: < 7.70 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3060621"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Business Client",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0"
},
{
"status": "affected",
"version": "\u003c 7.70"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T11:14:59",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3060621"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-38150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business Client",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.0"
},
{
"version_name": "\u003c",
"version_value": "7.70"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/3060621",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3060621"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-38150",
"datePublished": "2021-09-14T11:14:59",
"dateReserved": "2021-08-06T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6244 (GCVE-0-2020-6244)
Vulnerability from cvelistv5 – Published: 2020-05-12 17:54 – Updated: 2024-08-04 08:55
VLAI?
Summary
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP Business Client |
Affected:
< 7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2911801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Business Client",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-12T17:54:36",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2911801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business Client",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.0",
"vectorString": "CVSS:/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2911801",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2911801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6244",
"datePublished": "2020-05-12T17:54:36",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T08:55:22.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6228 (GCVE-0-2020-6228)
Vulnerability from cvelistv5 – Published: 2020-04-14 18:32 – Updated: 2024-08-04 08:55
VLAI?
Summary
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.
Severity ?
5.3 (Medium)
CWE
- Other
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP Business Client |
Affected:
< 6.5
Affected: < 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2866752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Business Client",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 6.5"
},
{
"status": "affected",
"version": "\u003c 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T18:32:25",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2866752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business Client",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "6.5"
},
{
"version_name": "\u003c",
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2866752",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2866752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6228",
"datePublished": "2020-04-14T18:32:25",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T08:55:22.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2398 (GCVE-0-2018-2398)
Vulnerability from cvelistv5 – Published: 2018-03-14 19:00 – Updated: 2024-08-05 04:21
VLAI?
Summary
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.
Severity ?
6.7 (Medium)
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP Business Client |
Affected:
6.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:32.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2580967"
},
{
"name": "103370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103370"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Business Client",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "6.5"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2580967"
},
{
"name": "103370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103370"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business Client",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2580967",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2580967"
},
{
"name": "103370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103370"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2398",
"datePublished": "2018-03-14T19:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:21:32.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38150 (GCVE-0-2021-38150)
Vulnerability from nvd – Published: 2021-09-14 11:14 – Updated: 2024-08-04 01:37
VLAI?
Summary
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.
Severity ?
6.1 (Medium)
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP Business Client |
Affected:
< 7.0
Affected: < 7.70 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3060621"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Business Client",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0"
},
{
"status": "affected",
"version": "\u003c 7.70"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T11:14:59",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3060621"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-38150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business Client",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.0"
},
{
"version_name": "\u003c",
"version_value": "7.70"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/3060621",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3060621"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-38150",
"datePublished": "2021-09-14T11:14:59",
"dateReserved": "2021-08-06T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6244 (GCVE-0-2020-6244)
Vulnerability from nvd – Published: 2020-05-12 17:54 – Updated: 2024-08-04 08:55
VLAI?
Summary
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP Business Client |
Affected:
< 7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2911801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Business Client",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-12T17:54:36",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2911801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business Client",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.0",
"vectorString": "CVSS:/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2911801",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2911801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6244",
"datePublished": "2020-05-12T17:54:36",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T08:55:22.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6228 (GCVE-0-2020-6228)
Vulnerability from nvd – Published: 2020-04-14 18:32 – Updated: 2024-08-04 08:55
VLAI?
Summary
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.
Severity ?
5.3 (Medium)
CWE
- Other
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP Business Client |
Affected:
< 6.5
Affected: < 7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2866752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Business Client",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 6.5"
},
{
"status": "affected",
"version": "\u003c 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T18:32:25",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2866752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business Client",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "6.5"
},
{
"version_name": "\u003c",
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2866752",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2866752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6228",
"datePublished": "2020-04-14T18:32:25",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T08:55:22.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2398 (GCVE-0-2018-2398)
Vulnerability from nvd – Published: 2018-03-14 19:00 – Updated: 2024-08-05 04:21
VLAI?
Summary
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.
Severity ?
6.7 (Medium)
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP Business Client |
Affected:
6.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:32.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2580967"
},
{
"name": "103370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103370"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Business Client",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "6.5"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2580967"
},
{
"name": "103370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103370"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business Client",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2580967",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2580967"
},
{
"name": "103370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103370"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2398",
"datePublished": "2018-03-14T19:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:21:32.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}