← Back

CVE-2021-40503

nvd nist
Published: Nov 10, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.

Affected (19)

Products: Sap: Gui For Windows
Sap
1 product
Gui For Windows
Configuration A
19 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Gui For Windows
Before 7.60
Gui For Windows
Version 7.60
Gui For Windows
Version 7.60 patch_level10
Gui For Windows
Version 7.60 patch_level11
Gui For Windows
Version 7.60 patch_level12
Gui For Windows
Version 7.60 patch_level1
Gui For Windows
Version 7.60 patch_level2
Gui For Windows
Version 7.60 patch_level3
Gui For Windows
Version 7.60 patch_level4
Gui For Windows
Version 7.60 patch_level5
Gui For Windows
Version 7.60 patch_level6
Gui For Windows
Version 7.60 patch_level7
Gui For Windows
Version 7.60 patch_level8
Gui For Windows
Version 7.60 patch_level8_hotfix1
Gui For Windows
Version 7.60 patch_level9
Gui For Windows
Version 7.70
Gui For Windows
Version 7.70 patch_level1
Gui For Windows
Version 7.70 patch_level2
Gui For Windows
Version 7.70 patch_level3

Related CWEs

CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.