fkie_cve-2025-0055
Vulnerability from fkie_nvd
Published
2025-01-14 01:15
Modified
2025-01-14 01:15
Severity ?
Summary
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.", }, { lang: "es", value: "SAP GUI para Windows almacena la información ingresada por el usuario en la PC del cliente para mejorar la usabilidad. En circunstancias muy específicas, un atacante con privilegios administrativos o acceso al directorio de usuarios de la víctima en el nivel del sistema operativo podría leer estos datos. Dependiendo de la información ingresada por el usuario en las transacciones, los datos divulgados podrían variar desde datos no críticos hasta datos altamente sensibles, lo que causaría un alto impacto en la confidencialidad de la aplicación.", }, ], id: "CVE-2025-0055", lastModified: "2025-01-14T01:15:15.570", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 4, source: "cna@sap.com", type: "Secondary", }, ], }, published: "2025-01-14T01:15:15.570", references: [ { source: "cna@sap.com", url: "https://me.sap.com/notes/3472837", }, { source: "cna@sap.com", url: "https://url.sap/sapsecuritypatchday", }, ], sourceIdentifier: "cna@sap.com", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-497", }, ], source: "cna@sap.com", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.