Vulnerabilities related to sap - gui_for_windows
Vulnerability from fkie_nvd
Published
2023-05-09 02:15
Modified
2024-11-21 08:02
Severity ?
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Summary
SAP GUI for Windows, versions 7.70 and 8.0, allows an unauthorized attacker to obtain a victim's NTLM authentication information by tricking the victim into clicking a prepared shortcut file. Depending on the victim's authorizations, the attacker can read and modify potentially sensitive information after successful exploitation.
References
▶ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3320467 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3320467 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | gui_for_windows | * | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 8.0 | |
sap | gui_for_windows | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:gui_for_windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "44424F57-EDAC-42EE-8C29-F9AA09301A46", "versionEndExcluding": "7.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:-:*:*:*:*:*:*", "matchCriteriaId": "FE1286F1-B9A5-4F25-B083-272943D90023", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level1:*:*:*:*:*:*", "matchCriteriaId": "FF605CA1-E860-4185-A358-FE967E0DE408", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level10:*:*:*:*:*:*", "matchCriteriaId": "5D569EBA-CE95-436E-BB48-D2EF55DD9D30", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level11:*:*:*:*:*:*", "matchCriteriaId": "A81A5609-2ADD-4714-8783-27BC417346D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level2:*:*:*:*:*:*", "matchCriteriaId": "181183AC-5621-4895-82E1-E91D9DCAB69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level3:*:*:*:*:*:*", "matchCriteriaId": "DD057E0A-C836-46ED-ACB3-1C80CECACD60", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level4:*:*:*:*:*:*", "matchCriteriaId": "2AEA7D81-E487-4B85-81FF-338E2C48D282", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level5:*:*:*:*:*:*", "matchCriteriaId": "4114FB5F-DE93-4C1F-80E2-08ADC51BC2B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level6:*:*:*:*:*:*", "matchCriteriaId": "F65D7775-75DC-4F88-AC76-C4EEC59A2DE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level7:*:*:*:*:*:*", "matchCriteriaId": "02EC1177-F290-4488-B365-F107A7CBBA09", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level8:*:*:*:*:*:*", "matchCriteriaId": "532B87F7-19BF-4956-A0A6-4F76755EF1F0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sap:gui_for_windows:7.70:patch_level9:*:*:*:*:*:*", "matchCriteriaId": "662D074A-F79A-4936-925E-54C7DDC45BB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:8.0:-:*:*:*:*:*:*", "matchCriteriaId": "A69E51CD-C3D1-4B66-94AA-45B2A848912C", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:8.0:patch_level1:*:*:*:*:*:*", "matchCriteriaId": "6E736149-FB18-47E7-B6DA-6459D4AC235D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.\n\n" } ], "id": "CVE-2023-32113", "lastModified": "2024-11-21T08:02:44.100", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.8, "source": "cna@sap.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-09T02:15:12.873", "references": [ { "source": 
"cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3320467" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3320467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "cna@sap.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-11 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
In specific situations, SAP GUI for Windows up to and including 7.60 PL9 and 7.70 PL0 forwards a user to a specific malicious website, which could contain malware or lead to phishing attacks that steal the victim's credentials.
References
▶ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3023078 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3023078 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.70 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:-:*:*:*:*:*:*", "matchCriteriaId": "FA071418-F2F0-4530-94C0-94D9295FED83", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level1:*:*:*:*:*:*", "matchCriteriaId": "E27CD53C-8CA1-4204-829D-3343AC4565B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level2:*:*:*:*:*:*", "matchCriteriaId": "1E0246DF-E354-4191-91DA-99880E1BD08A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level3:*:*:*:*:*:*", "matchCriteriaId": "140210E1-95C6-4EB5-A854-44E9EA03DD27", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level4:*:*:*:*:*:*", "matchCriteriaId": "0FD672D2-D67A-4576-8F9B-92177AF51151", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level5:*:*:*:*:*:*", "matchCriteriaId": "AE686D3C-E814-42D6-9F33-839763B53968", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level6:*:*:*:*:*:*", "matchCriteriaId": "711DE87F-72AA-4A6F-8F53-18758A195ED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level7:*:*:*:*:*:*", "matchCriteriaId": "8E44C0EE-8ED0-42E8-81FB-7FE7FC9308E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level8:*:*:*:*:*:*", "matchCriteriaId": "98A928B5-F8AA-4CD0-A8A5-D4E04AB3856A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level8_hotfix1:*:*:*:*:*:*", "matchCriteriaId": "9415406D-32AF-41EB-A351-2DE0306657DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level9:*:*:*:*:*:*", "matchCriteriaId": "C7B83282-AD56-455F-9979-4F4D145F9798", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:-:*:*:*:*:*:*", "matchCriteriaId": "FE1286F1-B9A5-4F25-B083-272943D90023", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], 
"descriptions": [ { "lang": "en", "value": "In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim." }, { "lang": "es", "value": "En situaciones espec\u00edficas, SAP GUI para Windows hasta e incluyendo las versiones 7.60 PL9, 7.70 PL0, reenv\u00eda a un usuario a un sitio web malicioso espec\u00edfico que podr\u00eda contener malware o podr\u00eda conllevar a ataques de phishing para robar las credenciales de la v\u00edctima" } ], "id": "CVE-2021-27612", "lastModified": "2024-11-21T05:58:17.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": 
"CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-11T15:15:08.263", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3023078" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3023078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-09 05:15
Modified
2025-01-22 18:33
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Summary
Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, there is a high impact on confidentiality but no impact on integrity and availability.
References
▶ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://me.sap.com/notes/3461110 | Permissions Required | |
cna@sap.com | https://url.sap/sapsecuritypatchday | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://me.sap.com/notes/3461110 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://url.sap/sapsecuritypatchday | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | gui_for_windows | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:gui_for_windows:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "74ED382C-6C84-4C2F-BF8E-51AC10DB3611", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability." }, { "lang": "es", "value": "Bajo ciertas condiciones, la memoria de SAP GUI para Windows contiene la contrase\u00f1a utilizada para iniciar sesi\u00f3n en un sistema SAP, lo que podr\u00eda permitir a un atacante obtener la contrase\u00f1a y hacerse pasar por el usuario afectado. Como resultado, tiene un alto impacto en la confidencialidad pero no hay impacto en la integridad y disponibilidad." 
} ], "id": "CVE-2024-39600", "lastModified": "2025-01-22T18:33:47.870", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.6, "impactScore": 4.0, "source": "cna@sap.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-09T05:15:13.147", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required" ], "url": "https://me.sap.com/notes/3461110" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://url.sap/sapsecuritypatchday" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://me.sap.com/notes/3461110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://url.sap/sapsecuritypatchday" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "cna@sap.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-23 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | gui_for_windows | 7.20 | |
sap | gui_for_windows | 7.30 | |
sap | gui_for_windows | 7.40_core_sp00-sp011 | |
sap | gui_for_windows | 7.50_core_sp000 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.20:*:*:*:*:*:*:*", "matchCriteriaId": "57EA7021-A564-443A-A729-F4D3A5D98385", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.30:*:*:*:*:*:*:*", "matchCriteriaId": "AF02ECA8-5DDA-4903-9DCE-A62A062893AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.40_core_sp00-sp011:*:*:*:*:*:*:*", "matchCriteriaId": "0BB558AC-A963-4AA3-A4AF-D581754F2123", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.50_core_sp000:*:*:*:*:*:*:*", "matchCriteriaId": "ADD962FB-BDC3-454E-B1AB-8E129F81CFCF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616." }, { "lang": "es", "value": "SAP GUI 7.2 hasta la versi\u00f3n 7.5 permite a atacantes remotos eludir las restricciones de pol\u00edtica de seguridad previstas y ejecutar c\u00f3digo arbitrario a trav\u00e9s de un c\u00f3digo ABAP manipulado, vulnerabilidad tambi\u00e9n conocida como SAP Security Note 2407616." 
} ], "id": "CVE-2017-6950", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-23T20:59:00.877", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96872" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038122" }, { "source": "cve@mitre.org", "url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-10 16:15
Modified
2024-11-21 06:24
Severity ?
Summary
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to log on to the backend system that SAP GUI for Windows was connected to and launch further attacks, depending on the authorizations of the user.
References
▶ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3080106 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3080106 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | gui_for_windows | * | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.60 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 | |
sap | gui_for_windows | 7.70 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:gui_for_windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "603CB0D2-BEA4-4414-AE50-39F9A8E568F2", "versionEndExcluding": "7.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:-:*:*:*:*:*:*", "matchCriteriaId": "FA071418-F2F0-4530-94C0-94D9295FED83", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level1:*:*:*:*:*:*", "matchCriteriaId": "E27CD53C-8CA1-4204-829D-3343AC4565B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level10:*:*:*:*:*:*", "matchCriteriaId": "0D89F8F8-929B-4D17-B921-CAB3CA2FD405", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level11:*:*:*:*:*:*", "matchCriteriaId": "41F78A30-CD1A-4F6D-85DF-26FAF4BCF3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level12:*:*:*:*:*:*", "matchCriteriaId": "F9E07A43-B98A-4E56-B32D-CC6768AAA937", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level2:*:*:*:*:*:*", "matchCriteriaId": "1E0246DF-E354-4191-91DA-99880E1BD08A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level3:*:*:*:*:*:*", "matchCriteriaId": "140210E1-95C6-4EB5-A854-44E9EA03DD27", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level4:*:*:*:*:*:*", "matchCriteriaId": "0FD672D2-D67A-4576-8F9B-92177AF51151", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level5:*:*:*:*:*:*", "matchCriteriaId": "AE686D3C-E814-42D6-9F33-839763B53968", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level6:*:*:*:*:*:*", "matchCriteriaId": "711DE87F-72AA-4A6F-8F53-18758A195ED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level7:*:*:*:*:*:*", "matchCriteriaId": "8E44C0EE-8ED0-42E8-81FB-7FE7FC9308E7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sap:gui_for_windows:7.60:patch_level8:*:*:*:*:*:*", "matchCriteriaId": "98A928B5-F8AA-4CD0-A8A5-D4E04AB3856A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level8_hotfix1:*:*:*:*:*:*", "matchCriteriaId": "9415406D-32AF-41EB-A351-2DE0306657DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.60:patch_level9:*:*:*:*:*:*", "matchCriteriaId": "C7B83282-AD56-455F-9979-4F4D145F9798", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:-:*:*:*:*:*:*", "matchCriteriaId": "FE1286F1-B9A5-4F25-B083-272943D90023", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level1:*:*:*:*:*:*", "matchCriteriaId": "FF605CA1-E860-4185-A358-FE967E0DE408", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level2:*:*:*:*:*:*", "matchCriteriaId": "181183AC-5621-4895-82E1-E91D9DCAB69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:gui_for_windows:7.70:patch_level3:*:*:*:*:*:*", "matchCriteriaId": "DD057E0A-C836-46ED-ACB3-1C80CECACD60", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions \u003c 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en SAP GUI para Windows - versiones anteriores a 7.60 PL13, 7.70 PL4, que permite a un atacante con privilegios suficientes en el PC local del lado del cliente obtener un equivalente de la contrase\u00f1a del usuario. 
Con estos datos altamente confidenciales filtrados, el atacante podr\u00eda iniciar la sesi\u00f3n en el sistema backend al que estaba conectada la SAP GUI para Windows y lanzar otros ataques en funci\u00f3n de las autorizaciones del usuario" } ], "id": "CVE-2021-40503", "lastModified": "2024-11-21T06:24:16.697", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-10T16:15:08.757", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3080106" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3080106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-522" } ], "source": "cna@sap.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-522" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
CVE-2023-32113 (GCVE-0-2023-32113)
Vulnerability from cvelistv5
Published
2023-05-09 01:41
Modified
2025-01-28 19:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
SAP GUI for Windows, versions 7.70 and 8.0, allows an unauthorized attacker to obtain a victim's NTLM authentication information by tricking the victim into clicking a prepared shortcut file. Depending on the victim's authorizations, the attacker can read and modify potentially sensitive information after successful exploitation.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP_SE | SAP GUI for Windows |
Version: <= 7.70; Version: 7.70 PL0 through 7.70 PL11 (inclusive); Version: 8.00 PL0 through 8.00 PL1 (inclusive) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:03:28.857Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3320467" }, { "tags": [ "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-32113", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-28T19:03:31.530001Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-28T19:03:43.194Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SAP GUI for Windows", "vendor": "SAP_SE", "versions": [ { "status": "affected", "version": "\u003c= 7.70" }, { "lessThanOrEqual": "7.70 PL11", "status": "affected", "version": "7.70 PL0", "versionType": "custom" }, { "lessThanOrEqual": "8.00 PL1", "status": "affected", "version": "8.00 PL0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eSAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.\u003c/p\u003e" } ], "value": "SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. 
Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "eng", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-12T21:51:09.272Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://launchpad.support.sap.com/#/notes/3320467" }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Information Disclosure vulnerability in SAP GUI for Windows", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2023-32113", "datePublished": "2023-05-09T01:41:52.722Z", "dateReserved": "2023-05-03T14:48:13.764Z", "dateUpdated": "2025-01-28T19:03:43.194Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-6950 (GCVE-0-2017-6950)
Vulnerability from cvelistv5
Published
2017-03-23 20:00
Modified
2024-08-05 15:49
CWE
- n/a
Summary
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:49:01.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038122", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038122" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/" }, { "name": "96872", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96872" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-10T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1038122", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038122" }, { "tags": [ "x_refsource_MISC" ], "url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/" }, { "name": "96872", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96872" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6950", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1038122", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038122" }, { "name": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/", "refsource": "MISC", "url": "https://erpscan.io/advisories/erpscan-17-011-sap-gui-versions-remote-code-execution-bypass-security-policy/" }, { "name": "96872", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96872" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6950", "datePublished": "2017-03-23T20:00:00", "dateReserved": "2017-03-16T00:00:00", "dateUpdated": "2024-08-05T15:49:01.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-39600 (GCVE-0-2024-39600)
Vulnerability from cvelistv5
Published
2024-07-09 04:19
Modified
2024-08-02 04:26
Severity
5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on the confidentiality but there is no impact on the integrity and availability.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP_SE | SAP GUI for Windows |
Version: BC-FES-GUI 8 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39600", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T15:13:45.725094Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T15:13:54.457Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:16.037Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://url.sap/sapsecuritypatchday" }, { "tags": [ "x_transferred" ], "url": "https://me.sap.com/notes/3461110" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SAP GUI for Windows", "vendor": "SAP_SE", "versions": [ { "status": "affected", "version": "BC-FES-GUI 8" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability.\n\n\n\n" } ], "value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T04:19:47.498Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://url.sap/sapsecuritypatchday" }, { "url": "https://me.sap.com/notes/3461110" } ], "source": { "discovery": "UNKNOWN" }, "title": "[CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2024-39600", "datePublished": "2024-07-09T04:19:47.498Z", "dateReserved": "2024-06-26T09:58:24.096Z", "dateUpdated": "2024-08-02T04:26:16.037Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-40503 (GCVE-0-2021-40503)
Vulnerability from cvelistv5
Published
2021-11-10 15:27
Modified
2024-08-04 02:44
CWE
- CWE-522
Summary
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP GUI for Windows |
Version: < 7.60 PL13 Version: < 7.70 PL4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:44:10.837Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3080106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP GUI for Windows", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c 7.60 PL13" }, { "status": "affected", "version": "\u003c 7.70 PL4" } ] } ], "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions \u003c 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-10T15:27:28", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3080106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2021-40503", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP GUI for Windows", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "\u003c 7.60 PL13" }, { "version_name": "\u003c", "version_value": "\u003c 7.70 PL4" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions \u003c 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user." 
} ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-522" } ] } ] }, "references": { "reference_data": [ { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864" }, { "name": "https://launchpad.support.sap.com/#/notes/3080106", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3080106" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-40503", "datePublished": "2021-11-10T15:27:28", "dateReserved": "2021-09-03T00:00:00", "dateUpdated": "2024-08-04T02:44:10.837Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-27612 (GCVE-0-2021-27612)
Vulnerability from cvelistv5
Published
2021-05-11 14:19
Modified
2024-08-03 21:26
Severity
3.4 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
CWE
- URL Redirection to Untrusted Site
Summary
In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP GUI for Windows |
Version: < 7.60 PL10 Version: < 7.70 PL1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:10.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3023078" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP GUI for Windows", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c 7.60 PL10" }, { "status": "affected", "version": "\u003c 7.70 PL1" } ] } ], "descriptions": [ { "lang": "en", "value": "In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "URL Redirection to Untrusted Site", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-16T11:39:18", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3023078" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2021-27612", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { 
"product_data": [ { "product_name": "SAP GUI for Windows", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "7.60 PL10" }, { "version_name": "\u003c", "version_value": "7.70 PL1" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim." } ] }, "impact": { "cvss": { "baseScore": "3.4", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "URL Redirection to Untrusted Site" } ] } ] }, "references": { "reference_data": [ { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655" }, { "name": "https://launchpad.support.sap.com/#/notes/3023078", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3023078" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-27612", "datePublished": "2021-05-11T14:19:33", "dateReserved": "2021-02-23T00:00:00", "dateUpdated": "2024-08-03T21:26:10.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }