6.5

CVE-2021-38150

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.

Data is provided by the National Vulnerability Database (NVD)
SAPBusiness Client Version6.0 Update-
SAPBusiness Client Version6.0 Updatepatch_level1
SAPBusiness Client Version6.0 Updatepatch_level10
SAPBusiness Client Version6.0 Updatepatch_level11
SAPBusiness Client Version6.0 Updatepatch_level12
SAPBusiness Client Version6.0 Updatepatch_level13
SAPBusiness Client Version6.0 Updatepatch_level14
SAPBusiness Client Version6.0 Updatepatch_level15
SAPBusiness Client Version6.0 Updatepatch_level16
SAPBusiness Client Version6.0 Updatepatch_level17
SAPBusiness Client Version6.0 Updatepatch_level2
SAPBusiness Client Version6.0 Updatepatch_level3
SAPBusiness Client Version6.0 Updatepatch_level4
SAPBusiness Client Version6.0 Updatepatch_level5
SAPBusiness Client Version6.0 Updatepatch_level6
SAPBusiness Client Version6.0 Updatepatch_level7
SAPBusiness Client Version6.0 Updatepatch_level8
SAPBusiness Client Version6.0 Updatepatch_level9
SAPBusiness Client Version6.5 Update-
SAPBusiness Client Version6.5 Updatepatch_level1
SAPBusiness Client Version6.5 Updatepatch_level10
SAPBusiness Client Version6.5 Updatepatch_level11
SAPBusiness Client Version6.5 Updatepatch_level12
SAPBusiness Client Version6.5 Updatepatch_level13
SAPBusiness Client Version6.5 Updatepatch_level14
SAPBusiness Client Version6.5 Updatepatch_level15
SAPBusiness Client Version6.5 Updatepatch_level16
SAPBusiness Client Version6.5 Updatepatch_level17
SAPBusiness Client Version6.5 Updatepatch_level18
SAPBusiness Client Version6.5 Updatepatch_level19
SAPBusiness Client Version6.5 Updatepatch_level2
SAPBusiness Client Version6.5 Updatepatch_level20
SAPBusiness Client Version6.5 Updatepatch_level21
SAPBusiness Client Version6.5 Updatepatch_level22
SAPBusiness Client Version6.5 Updatepatch_level3
SAPBusiness Client Version6.5 Updatepatch_level4
SAPBusiness Client Version6.5 Updatepatch_level5
SAPBusiness Client Version6.5 Updatepatch_level6
SAPBusiness Client Version6.5 Updatepatch_level7
SAPBusiness Client Version6.5 Updatepatch_level8
SAPBusiness Client Version6.5 Updatepatch_level9
SAPBusiness Client Version7.0 Update-
SAPBusiness Client Version7.0 Updatepatch_level1
SAPBusiness Client Version7.0 Updatepatch_level10
SAPBusiness Client Version7.0 Updatepatch_level11
SAPBusiness Client Version7.0 Updatepatch_level12
SAPBusiness Client Version7.0 Updatepatch_level13
SAPBusiness Client Version7.0 Updatepatch_level14
SAPBusiness Client Version7.0 Updatepatch_level15
SAPBusiness Client Version7.0 Updatepatch_level16
SAPBusiness Client Version7.0 Updatepatch_level17
SAPBusiness Client Version7.0 Updatepatch_level18
SAPBusiness Client Version7.0 Updatepatch_level19
SAPBusiness Client Version7.0 Updatepatch_level2
SAPBusiness Client Version7.0 Updatepatch_level20
SAPBusiness Client Version7.0 Updatepatch_level3
SAPBusiness Client Version7.0 Updatepatch_level4
SAPBusiness Client Version7.0 Updatepatch_level5
SAPBusiness Client Version7.0 Updatepatch_level6
SAPBusiness Client Version7.0 Updatepatch_level7
SAPBusiness Client Version7.0 Updatepatch_level8
SAPBusiness Client Version7.0 Updatepatch_level9
SAPBusiness Client Version7.70 Update-
SAPBusiness Client Version7.70 Updatepatch_level1
SAPBusiness Client Version7.70 Updatepatch_level2
SAPBusiness Client Version7.70 Updatepatch_level3
SAPBusiness Client Version7.70 Updatepatch_level4
SAPBusiness Client Version7.70 Updatepatch_level5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.13% 0.29
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
cna@sap.com 6.1 1.6 4
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.