CVE-2021-40503

EPSS 0.1%
Published 10.11.2021 16:15:08
Last modified 21.11.2024 06:24:16
Source cna@sap.com
Teams watchlist Login
Open Login

An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Gui For Windows Version < 7.60

SAP ≫ Gui For Windows Version7.60 Update-

SAP ≫ Gui For Windows Version7.60 Updatepatch_level1

SAP ≫ Gui For Windows Version7.60 Updatepatch_level10

SAP ≫ Gui For Windows Version7.60 Updatepatch_level11

SAP ≫ Gui For Windows Version7.60 Updatepatch_level12

SAP ≫ Gui For Windows Version7.60 Updatepatch_level2

SAP ≫ Gui For Windows Version7.60 Updatepatch_level3

SAP ≫ Gui For Windows Version7.60 Updatepatch_level4

SAP ≫ Gui For Windows Version7.60 Updatepatch_level5

SAP ≫ Gui For Windows Version7.60 Updatepatch_level6

SAP ≫ Gui For Windows Version7.60 Updatepatch_level7

SAP ≫ Gui For Windows Version7.60 Updatepatch_level8

SAP ≫ Gui For Windows Version7.60 Updatepatch_level8_hotfix1

SAP ≫ Gui For Windows Version7.60 Updatepatch_level9

SAP ≫ Gui For Windows Version7.70 Update-

SAP ≫ Gui For Windows Version7.70 Updatepatch_level1

SAP ≫ Gui For Windows Version7.70 Updatepatch_level2

SAP ≫ Gui For Windows Version7.70 Updatepatch_level3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.239

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3080106

Vendor Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-40503

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40503

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40503

EUVD