6.1
CVE-2021-27612
- EPSS 0.18%
- Published 11.05.2021 15:15:08
- Last modified 21.11.2024 05:58:17
- Source cna@sap.com
- Teams watchlist Login
- Open Login
In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Gui For Windows Version7.60 Update-
SAP ≫ Gui For Windows Version7.60 Updatepatch_level1
SAP ≫ Gui For Windows Version7.60 Updatepatch_level2
SAP ≫ Gui For Windows Version7.60 Updatepatch_level3
SAP ≫ Gui For Windows Version7.60 Updatepatch_level4
SAP ≫ Gui For Windows Version7.60 Updatepatch_level5
SAP ≫ Gui For Windows Version7.60 Updatepatch_level6
SAP ≫ Gui For Windows Version7.60 Updatepatch_level7
SAP ≫ Gui For Windows Version7.60 Updatepatch_level8
SAP ≫ Gui For Windows Version7.60 Updatepatch_level8_hotfix1
SAP ≫ Gui For Windows Version7.60 Updatepatch_level9
SAP ≫ Gui For Windows Version7.70 Update-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.366 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
| cna@sap.com | 3.4 | 1.6 | 1.4 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.