CVE-2020-6244

EUVD-2020-27394
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
sapCNA
7 HIGH
LOCAL
HIGH
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
sapbusiness_client
6.0
sapbusiness_client
6.0:patch_level1
sapbusiness_client
6.0:patch_level10
sapbusiness_client
6.0:patch_level11
sapbusiness_client
6.0:patch_level12
sapbusiness_client
6.0:patch_level13
sapbusiness_client
6.0:patch_level14
sapbusiness_client
6.0:patch_level15
sapbusiness_client
6.0:patch_level16
sapbusiness_client
6.0:patch_level17
sapbusiness_client
6.0:patch_level2
sapbusiness_client
6.0:patch_level3
sapbusiness_client
6.0:patch_level4
sapbusiness_client
6.0:patch_level5
sapbusiness_client
6.0:patch_level6
sapbusiness_client
6.0:patch_level7
sapbusiness_client
6.0:patch_level8
sapbusiness_client
6.0:patch_level9
sapbusiness_client
6.5
sapbusiness_client
6.5:patch_level1
sapbusiness_client
6.5:patch_level10
sapbusiness_client
6.5:patch_level11
sapbusiness_client
6.5:patch_level12
sapbusiness_client
6.5:patch_level13
sapbusiness_client
6.5:patch_level14
sapbusiness_client
6.5:patch_level15
sapbusiness_client
6.5:patch_level16
sapbusiness_client
6.5:patch_level17
sapbusiness_client
6.5:patch_level18
sapbusiness_client
6.5:patch_level19
sapbusiness_client
6.5:patch_level2
sapbusiness_client
6.5:patch_level20
sapbusiness_client
6.5:patch_level21
sapbusiness_client
6.5:patch_level22
sapbusiness_client
6.5:patch_level3
sapbusiness_client
6.5:patch_level4
sapbusiness_client
6.5:patch_level5
sapbusiness_client
6.5:patch_level6
sapbusiness_client
6.5:patch_level7
sapbusiness_client
6.5:patch_level8
sapbusiness_client
6.5:patch_level9
sapbusiness_client
7.0
sapbusiness_client
7.0:patch_level1
sapbusiness_client
7.0:patch_level2
sapbusiness_client
7.0:patch_level3
sapbusiness_client
7.0:patch_level4
sapbusiness_client
7.0:patch_level5
sapbusiness_client
7.0:patch_level6
sapbusiness_client
7.0:patch_level7
sapbusiness_client
7.0:patch_level8
sapbusiness_client
7.0:patch_level9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2911801
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
https://launchpad.support.sap.com/#/notes/2911801
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222