7.8
CVE-2020-6244
- EPSS 0.07%
- Published 12.05.2020 18:15:13
- Last modified 27.05.2025 16:50:33
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Business Client Version6.0 Update-
SAP ≫ Business Client Version6.0 Updatepatch_level1
SAP ≫ Business Client Version6.0 Updatepatch_level10
SAP ≫ Business Client Version6.0 Updatepatch_level11
SAP ≫ Business Client Version6.0 Updatepatch_level12
SAP ≫ Business Client Version6.0 Updatepatch_level13
SAP ≫ Business Client Version6.0 Updatepatch_level14
SAP ≫ Business Client Version6.0 Updatepatch_level15
SAP ≫ Business Client Version6.0 Updatepatch_level16
SAP ≫ Business Client Version6.0 Updatepatch_level17
SAP ≫ Business Client Version6.0 Updatepatch_level2
SAP ≫ Business Client Version6.0 Updatepatch_level3
SAP ≫ Business Client Version6.0 Updatepatch_level4
SAP ≫ Business Client Version6.0 Updatepatch_level5
SAP ≫ Business Client Version6.0 Updatepatch_level6
SAP ≫ Business Client Version6.0 Updatepatch_level7
SAP ≫ Business Client Version6.0 Updatepatch_level8
SAP ≫ Business Client Version6.0 Updatepatch_level9
SAP ≫ Business Client Version6.5 Update-
SAP ≫ Business Client Version6.5 Updatepatch_level1
SAP ≫ Business Client Version6.5 Updatepatch_level10
SAP ≫ Business Client Version6.5 Updatepatch_level11
SAP ≫ Business Client Version6.5 Updatepatch_level12
SAP ≫ Business Client Version6.5 Updatepatch_level13
SAP ≫ Business Client Version6.5 Updatepatch_level14
SAP ≫ Business Client Version6.5 Updatepatch_level15
SAP ≫ Business Client Version6.5 Updatepatch_level16
SAP ≫ Business Client Version6.5 Updatepatch_level17
SAP ≫ Business Client Version6.5 Updatepatch_level18
SAP ≫ Business Client Version6.5 Updatepatch_level19
SAP ≫ Business Client Version6.5 Updatepatch_level2
SAP ≫ Business Client Version6.5 Updatepatch_level20
SAP ≫ Business Client Version6.5 Updatepatch_level21
SAP ≫ Business Client Version6.5 Updatepatch_level22
SAP ≫ Business Client Version6.5 Updatepatch_level3
SAP ≫ Business Client Version6.5 Updatepatch_level4
SAP ≫ Business Client Version6.5 Updatepatch_level5
SAP ≫ Business Client Version6.5 Updatepatch_level6
SAP ≫ Business Client Version6.5 Updatepatch_level7
SAP ≫ Business Client Version6.5 Updatepatch_level8
SAP ≫ Business Client Version6.5 Updatepatch_level9
SAP ≫ Business Client Version7.0 Update-
SAP ≫ Business Client Version7.0 Updatepatch_level1
SAP ≫ Business Client Version7.0 Updatepatch_level2
SAP ≫ Business Client Version7.0 Updatepatch_level3
SAP ≫ Business Client Version7.0 Updatepatch_level4
SAP ≫ Business Client Version7.0 Updatepatch_level5
SAP ≫ Business Client Version7.0 Updatepatch_level6
SAP ≫ Business Client Version7.0 Updatepatch_level7
SAP ≫ Business Client Version7.0 Updatepatch_level8
SAP ≫ Business Client Version7.0 Updatepatch_level9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.187 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
| cna@sap.com | 7 | 1 | 5.9 |
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.