← Back

CVE-2020-6244

nvd nist
Published: May 12, 2020Modified: May 27, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.

Affected (51)

Products: Sap: Business Client
Sap
1 product
Business Client
Configuration A
51 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Business Client
Version 6.0
Business Client
Version 6.0 patch_level10
Business Client
Version 6.0 patch_level11
Business Client
Version 6.0 patch_level12
Business Client
Version 6.0 patch_level13
Business Client
Version 6.0 patch_level14
Business Client
Version 6.0 patch_level15
Business Client
Version 6.0 patch_level16
Business Client
Version 6.0 patch_level17
Business Client
Version 6.0 patch_level1
Business Client
Version 6.0 patch_level2
Business Client
Version 6.0 patch_level3
Business Client
Version 6.0 patch_level4
Business Client
Version 6.0 patch_level5
Business Client
Version 6.0 patch_level6
Business Client
Version 6.0 patch_level7
Business Client
Version 6.0 patch_level8
Business Client
Version 6.0 patch_level9
Business Client
Version 6.5
Business Client
Version 6.5 patch_level10
Business Client
Version 6.5 patch_level11
Business Client
Version 6.5 patch_level12
Business Client
Version 6.5 patch_level13
Business Client
Version 6.5 patch_level14
Business Client
Version 6.5 patch_level15
Business Client
Version 6.5 patch_level16
Business Client
Version 6.5 patch_level17
Business Client
Version 6.5 patch_level18
Business Client
Version 6.5 patch_level19
Business Client
Version 6.5 patch_level1
Business Client
Version 6.5 patch_level20
Business Client
Version 6.5 patch_level21
Business Client
Version 6.5 patch_level22
Business Client
Version 6.5 patch_level2
Business Client
Version 6.5 patch_level3
Business Client
Version 6.5 patch_level4
Business Client
Version 6.5 patch_level5
Business Client
Version 6.5 patch_level6
Business Client
Version 6.5 patch_level7
Business Client
Version 6.5 patch_level8
Business Client
Version 6.5 patch_level9
Business Client
Version 7.0
Business Client
Version 7.0 patch_level1
Business Client
Version 7.0 patch_level2
Business Client
Version 7.0 patch_level3
Business Client
Version 7.0 patch_level4
Business Client
Version 7.0 patch_level5
Business Client
Version 7.0 patch_level6
Business Client
Version 7.0 patch_level7
Business Client
Version 7.0 patch_level8
Business Client
Version 7.0 patch_level9

Related CWEs

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.