15 vulnerabilities found for gui_for_windows by sap
FKIE_CVE-2024-39600
Vulnerability from fkie_nvd - Published: 2024-07-09 05:15 - Updated: 2025-01-22 18:33
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Summary
Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on confidentiality, but there is no impact on integrity or availability.
References
| Source | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://me.sap.com/notes/3461110 | Permissions Required | |
| cna@sap.com | https://url.sap/sapsecuritypatchday | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://me.sap.com/notes/3461110 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://url.sap/sapsecuritypatchday | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | gui_for_windows | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74ED382C-6C84-4C2F-BF8E-51AC10DB3611",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability."
},
{
"lang": "es",
"value": "Bajo ciertas condiciones, la memoria de SAP GUI para Windows contiene la contrase\u00f1a utilizada para iniciar sesi\u00f3n en un sistema SAP, lo que podr\u00eda permitir a un atacante obtener la contrase\u00f1a y hacerse pasar por el usuario afectado. Como resultado, tiene un alto impacto en la confidencialidad pero no hay impacto en la integridad y disponibilidad."
}
],
"id": "CVE-2024-39600",
"lastModified": "2025-01-22T18:33:47.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 4.0,
"source": "cna@sap.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-09T05:15:13.147",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://me.sap.com/notes/3461110"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://url.sap/sapsecuritypatchday"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://me.sap.com/notes/3461110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://url.sap/sapsecuritypatchday"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cna@sap.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-32113
Vulnerability from fkie_nvd - Published: 2023-05-09 02:15 - Updated: 2024-11-21 08:02
Severity ?
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Summary
SAP GUI for Windows, versions 7.70 and 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking them into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.
References
| Source | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3320467 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3320467 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | gui_for_windows | * | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 8.0 | |
| sap | gui_for_windows | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44424F57-EDAC-42EE-8C29-F9AA09301A46",
"versionEndExcluding": "7.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:-:*:*:*:*:*:*",
"matchCriteriaId": "FE1286F1-B9A5-4F25-B083-272943D90023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "FF605CA1-E860-4185-A358-FE967E0DE408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level10:*:*:*:*:*:*",
"matchCriteriaId": "5D569EBA-CE95-436E-BB48-D2EF55DD9D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level11:*:*:*:*:*:*",
"matchCriteriaId": "A81A5609-2ADD-4714-8783-27BC417346D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "181183AC-5621-4895-82E1-E91D9DCAB69A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "DD057E0A-C836-46ED-ACB3-1C80CECACD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "2AEA7D81-E487-4B85-81FF-338E2C48D282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "4114FB5F-DE93-4C1F-80E2-08ADC51BC2B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "F65D7775-75DC-4F88-AC76-C4EEC59A2DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level7:*:*:*:*:*:*",
"matchCriteriaId": "02EC1177-F290-4488-B365-F107A7CBBA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level8:*:*:*:*:*:*",
"matchCriteriaId": "532B87F7-19BF-4956-A0A6-4F76755EF1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level9:*:*:*:*:*:*",
"matchCriteriaId": "662D074A-F79A-4936-925E-54C7DDC45BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A69E51CD-C3D1-4B66-94AA-45B2A848912C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:8.0:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "6E736149-FB18-47E7-B6DA-6459D4AC235D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.\n\n"
}
],
"id": "CVE-2023-32113",
"lastModified": "2024-11-21T08:02:44.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.8,
"source": "cna@sap.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-09T02:15:12.873",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3320467"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3320467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
FKIE_CVE-2021-40503
Vulnerability from fkie_nvd - Published: 2021-11-10 16:15 - Updated: 2024-11-21 06:24
Severity ?
Summary
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to log on to the backend system that SAP GUI for Windows was connected to and launch further attacks, depending on the authorizations of the user.
References
| Source | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3080106 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3080106 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | gui_for_windows | * | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 | |
| sap | gui_for_windows | 7.70 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603CB0D2-BEA4-4414-AE50-39F9A8E568F2",
"versionEndExcluding": "7.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:-:*:*:*:*:*:*",
"matchCriteriaId": "FA071418-F2F0-4530-94C0-94D9295FED83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "E27CD53C-8CA1-4204-829D-3343AC4565B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level10:*:*:*:*:*:*",
"matchCriteriaId": "0D89F8F8-929B-4D17-B921-CAB3CA2FD405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level11:*:*:*:*:*:*",
"matchCriteriaId": "41F78A30-CD1A-4F6D-85DF-26FAF4BCF3AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level12:*:*:*:*:*:*",
"matchCriteriaId": "F9E07A43-B98A-4E56-B32D-CC6768AAA937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "1E0246DF-E354-4191-91DA-99880E1BD08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "140210E1-95C6-4EB5-A854-44E9EA03DD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "0FD672D2-D67A-4576-8F9B-92177AF51151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "AE686D3C-E814-42D6-9F33-839763B53968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "711DE87F-72AA-4A6F-8F53-18758A195ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level7:*:*:*:*:*:*",
"matchCriteriaId": "8E44C0EE-8ED0-42E8-81FB-7FE7FC9308E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level8:*:*:*:*:*:*",
"matchCriteriaId": "98A928B5-F8AA-4CD0-A8A5-D4E04AB3856A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level8_hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "9415406D-32AF-41EB-A351-2DE0306657DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level9:*:*:*:*:*:*",
"matchCriteriaId": "C7B83282-AD56-455F-9979-4F4D145F9798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:-:*:*:*:*:*:*",
"matchCriteriaId": "FE1286F1-B9A5-4F25-B083-272943D90023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "FF605CA1-E860-4185-A358-FE967E0DE408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "181183AC-5621-4895-82E1-E91D9DCAB69A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "DD057E0A-C836-46ED-ACB3-1C80CECACD60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions \u003c 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en SAP GUI para Windows - versiones anteriores a 7.60 PL13, 7.70 PL4, que permite a un atacante con privilegios suficientes en el PC local del lado del cliente obtener un equivalente de la contrase\u00f1a del usuario. Con estos datos altamente confidenciales filtrados, el atacante podr\u00eda iniciar la sesi\u00f3n en el sistema backend al que estaba conectada la SAP GUI para Windows y lanzar otros ataques en funci\u00f3n de las autorizaciones del usuario"
}
],
"id": "CVE-2021-40503",
"lastModified": "2024-11-21T06:24:16.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-10T16:15:08.757",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3080106"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3080106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "cna@sap.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-27612
Vulnerability from fkie_nvd - Published: 2021-05-11 15:15 - Updated: 2024-11-21 05:58
Severity ?
Summary
In specific situations, SAP GUI for Windows up to and including 7.60 PL9, 7.70 PL0, forwards a user to a specific malicious website, which could contain malware or might lead to phishing attacks to steal the credentials of the victim.
References
| Source | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3023078 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3023078 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.60 | |
| sap | gui_for_windows | 7.70 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:-:*:*:*:*:*:*",
"matchCriteriaId": "FA071418-F2F0-4530-94C0-94D9295FED83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level1:*:*:*:*:*:*",
"matchCriteriaId": "E27CD53C-8CA1-4204-829D-3343AC4565B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level2:*:*:*:*:*:*",
"matchCriteriaId": "1E0246DF-E354-4191-91DA-99880E1BD08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level3:*:*:*:*:*:*",
"matchCriteriaId": "140210E1-95C6-4EB5-A854-44E9EA03DD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level4:*:*:*:*:*:*",
"matchCriteriaId": "0FD672D2-D67A-4576-8F9B-92177AF51151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level5:*:*:*:*:*:*",
"matchCriteriaId": "AE686D3C-E814-42D6-9F33-839763B53968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level6:*:*:*:*:*:*",
"matchCriteriaId": "711DE87F-72AA-4A6F-8F53-18758A195ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level7:*:*:*:*:*:*",
"matchCriteriaId": "8E44C0EE-8ED0-42E8-81FB-7FE7FC9308E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level8:*:*:*:*:*:*",
"matchCriteriaId": "98A928B5-F8AA-4CD0-A8A5-D4E04AB3856A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level8_hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "9415406D-32AF-41EB-A351-2DE0306657DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level9:*:*:*:*:*:*",
"matchCriteriaId": "C7B83282-AD56-455F-9979-4F4D145F9798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:-:*:*:*:*:*:*",
"matchCriteriaId": "FE1286F1-B9A5-4F25-B083-272943D90023",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim."
},
{
"lang": "es",
"value": "En situaciones espec\u00edficas, SAP GUI para Windows hasta e incluyendo las versiones 7.60 PL9, 7.70 PL0, reenv\u00eda a un usuario a un sitio web malicioso espec\u00edfico que podr\u00eda contener malware o podr\u00eda conllevar a ataques de phishing para robar las credenciales de la v\u00edctima"
}
],
"id": "CVE-2021-27612",
"lastModified": "2024-11-21T05:58:17.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-11T15:15:08.263",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3023078"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3023078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6950
Vulnerability from fkie_nvd - Published: 2017-03-23 20:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | gui_for_windows | 7.20 | |
| sap | gui_for_windows | 7.30 | |
| sap | gui_for_windows | 7.40_core_sp00-sp011 | |
| sap | gui_for_windows | 7.50_core_sp000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "57EA7021-A564-443A-A729-F4D3A5D98385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "AF02ECA8-5DDA-4903-9DCE-A62A062893AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.40_core_sp00-sp011:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB558AC-A963-4AA3-A4AF-D581754F2123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:gui_for_windows:7.50_core_sp000:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD962FB-BDC3-454E-B1AB-8E129F81CFCF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616."
},
{
"lang": "es",
"value": "SAP GUI 7.2 hasta la versi\u00f3n 7.5 permite a atacantes remotos eludir las restricciones de pol\u00edtica de seguridad previstas y ejecutar c\u00f3digo arbitrario a trav\u00e9s de un c\u00f3digo ABAP manipulado, vulnerabilidad tambi\u00e9n conocida como SAP Security Note 2407616."
}
],
"id": "CVE-2017-6950",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-23T20:59:00.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96872"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1038122"
},
{
"source": "cve@mitre.org",
"url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-39600 (GCVE-0-2024-39600)
Vulnerability from cvelistv5 – Published: 2024-07-09 04:19 – Updated: 2024-08-02 04:26
Summary
Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on confidentiality, but there is no impact on integrity or availability.
Severity ?
5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP GUI for Windows | Affected: BC-FES-GUI 8 | | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T15:13:45.725094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T15:13:54.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://url.sap/sapsecuritypatchday"
},
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3461110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP GUI for Windows",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "BC-FES-GUI 8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability.\n\n\n\n"
}
],
"value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T04:19:47.498Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3461110"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "[CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-39600",
"datePublished": "2024-07-09T04:19:47.498Z",
"dateReserved": "2024-06-26T09:58:24.096Z",
"dateUpdated": "2024-08-02T04:26:16.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32113 (GCVE-0-2023-32113)
Vulnerability from cvelistv5 – Published: 2023-05-09 01:41 – Updated: 2025-01-28 19:03
Summary
SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.
Severity ?
7.5 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP_SE | SAP GUI for Windows | Affected: <= 7.70; Affected: 7.70 PL0, ≤ 7.70 PL11 (custom); Affected: 8.00 PL0, ≤ 8.00 PL1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3320467"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T19:03:31.530001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T19:03:43.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP GUI for Windows",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "\u003c= 7.70"
},
{
"lessThanOrEqual": "7.70 PL11",
"status": "affected",
"version": "7.70 PL0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.00 PL1",
"status": "affected",
"version": "8.00 PL0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.\u003c/p\u003e"
}
],
"value": "SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T21:51:09.272Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3320467"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure vulnerability in SAP GUI for Windows",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-32113",
"datePublished": "2023-05-09T01:41:52.722Z",
"dateReserved": "2023-05-03T14:48:13.764Z",
"dateUpdated": "2025-01-28T19:03:43.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40503 (GCVE-0-2021-40503)
Vulnerability from cvelistv5 – Published: 2021-11-10 15:27 – Updated: 2024-08-04 02:44
Summary
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.
Severity ?
No CVSS data available.
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
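| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864 | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3080106 | x_refsource_MISC |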
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP SE | SAP GUI for Windows | Affected: < 7.60 PL13; Affected: < 7.70 PL4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3080106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP GUI for Windows",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.60 PL13"
},
{
"status": "affected",
"version": "\u003c 7.70 PL4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions \u003c 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T15:27:28",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3080106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-40503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP GUI for Windows",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "\u003c 7.60 PL13"
},
{
"version_name": "\u003c",
"version_value": "\u003c 7.70 PL4"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions \u003c 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3080106",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3080106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-40503",
"datePublished": "2021-11-10T15:27:28",
"dateReserved": "2021-09-03T00:00:00",
"dateUpdated": "2024-08-04T02:44:10.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27612 (GCVE-0-2021-27612)
Vulnerability from cvelistv5 – Published: 2021-05-11 14:19 – Updated: 2024-08-03 21:26
Summary
In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.
Severity ?
3.4 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
CWE
- URL Redirection to Untrusted Site
Assigner
References
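| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655 | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3023078 | x_refsource_MISC |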
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP SE | SAP GUI for Windows | Affected: < 7.60 PL10; Affected: < 7.70 PL1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3023078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP GUI for Windows",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.60 PL10"
},
{
"status": "affected",
"version": "\u003c 7.70 PL1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL Redirection to Untrusted Site",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T11:39:18",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3023078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-27612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP GUI for Windows",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.60 PL10"
},
{
"version_name": "\u003c",
"version_value": "7.70 PL1"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.4",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3023078",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3023078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-27612",
"datePublished": "2021-05-11T14:19:33",
"dateReserved": "2021-02-23T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6950 (GCVE-0-2017-6950)
Vulnerability from cvelistv5 – Published: 2017-03-23 20:00 – Updated: 2024-08-05 15:49
Summary
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
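| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038122 | vdb-entry, x_refsource_SECTRACK |
| https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/96872 | vdb-entry, x_refsource_BID |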
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:49:01.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/"
},
{
"name": "96872",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/"
},
{
"name": "96872",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96872"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038122"
},
{
"name": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/"
},
{
"name": "96872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96872"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6950",
"datePublished": "2017-03-23T20:00:00",
"dateReserved": "2017-03-16T00:00:00",
"dateUpdated": "2024-08-05T15:49:01.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39600 (GCVE-0-2024-39600)
Vulnerability from nvd – Published: 2024-07-09 04:19 – Updated: 2024-08-02 04:26
Summary
Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on the confidentiality but there is no impact on the integrity and availability.
Severity ?
5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP_SE | SAP GUI for Windows | Affected: BC-FES-GUI 8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T15:13:45.725094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T15:13:54.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://url.sap/sapsecuritypatchday"
},
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3461110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP GUI for Windows",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "BC-FES-GUI 8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability.\n\n\n\n"
}
],
"value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T04:19:47.498Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://url.sap/sapsecuritypatchday"
},
{
"url": "https://me.sap.com/notes/3461110"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "[CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-39600",
"datePublished": "2024-07-09T04:19:47.498Z",
"dateReserved": "2024-06-26T09:58:24.096Z",
"dateUpdated": "2024-08-02T04:26:16.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32113 (GCVE-0-2023-32113)
Vulnerability from nvd – Published: 2023-05-09 01:41 – Updated: 2025-01-28 19:03
Summary
SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.
Severity ?
7.5 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP_SE | SAP GUI for Windows | Affected: <= 7.70; Affected: 7.70 PL0, ≤ 7.70 PL11 (custom); Affected: 8.00 PL0, ≤ 8.00 PL1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:28.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3320467"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T19:03:31.530001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T19:03:43.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP GUI for Windows",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "\u003c= 7.70"
},
{
"lessThanOrEqual": "7.70 PL11",
"status": "affected",
"version": "7.70 PL0",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.00 PL1",
"status": "affected",
"version": "8.00 PL0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.\u003c/p\u003e"
}
],
"value": "SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T21:51:09.272Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3320467"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure vulnerability in SAP GUI for Windows",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-32113",
"datePublished": "2023-05-09T01:41:52.722Z",
"dateReserved": "2023-05-03T14:48:13.764Z",
"dateUpdated": "2025-01-28T19:03:43.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40503 (GCVE-0-2021-40503)
Vulnerability from nvd – Published: 2021-11-10 15:27 – Updated: 2024-08-04 02:44
Summary
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.
Severity ?
No CVSS data available.
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
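| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864 | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3080106 | x_refsource_MISC |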
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP SE | SAP GUI for Windows | Affected: < 7.60 PL13; Affected: < 7.70 PL4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3080106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP GUI for Windows",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.60 PL13"
},
{
"status": "affected",
"version": "\u003c 7.70 PL4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions \u003c 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T15:27:28",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3080106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-40503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP GUI for Windows",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "\u003c 7.60 PL13"
},
{
"version_name": "\u003c",
"version_value": "\u003c 7.70 PL4"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions \u003c 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3080106",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3080106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-40503",
"datePublished": "2021-11-10T15:27:28",
"dateReserved": "2021-09-03T00:00:00",
"dateUpdated": "2024-08-04T02:44:10.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27612 (GCVE-0-2021-27612)
Vulnerability from nvd – Published: 2021-05-11 14:19 – Updated: 2024-08-03 21:26
Summary
In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.
Severity ?
3.4 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
CWE
- URL Redirection to Untrusted Site
Assigner
References
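| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655 | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3023078 | x_refsource_MISC |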
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP SE | SAP GUI for Windows | Affected: < 7.60 PL10; Affected: < 7.70 PL1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3023078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP GUI for Windows",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.60 PL10"
},
{
"status": "affected",
"version": "\u003c 7.70 PL1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL Redirection to Untrusted Site",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T11:39:18",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3023078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-27612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP GUI for Windows",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.60 PL10"
},
{
"version_name": "\u003c",
"version_value": "7.70 PL1"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.4",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3023078",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3023078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-27612",
"datePublished": "2021-05-11T14:19:33",
"dateReserved": "2021-02-23T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6950 (GCVE-0-2017-6950)
Vulnerability from nvd – Published: 2017-03-23 20:00 – Updated: 2024-08-05 15:49
Summary
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.
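Severity
No CVSS data available. The structured product, vendor and version fields of this record are also "n/a"; the affected range (SAP GUI 7.2 through 7.5) is stated only in the description text, so matching on the structured fields alone will not find this entry.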
CWE
- n/a
Assigner
mitre
References
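| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038122 | vdb-entry, x_refsource_SECTRACK |
| https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/96872 | vdb-entry, x_refsource_BID |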
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:49:01.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/"
},
{
"name": "96872",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/"
},
{
"name": "96872",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96872"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038122"
},
{
"name": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/"
},
{
"name": "96872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96872"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6950",
"datePublished": "2017-03-23T20:00:00",
"dateReserved": "2017-03-16T00:00:00",
"dateUpdated": "2024-08-05T15:49:01.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}