CVE-2021-21448

EUVD-2021-8722
SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on the client PC and not via Network and the attacker needs at least user authorization of the Operating System user of the victim.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
sapCNA
5.3 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
sapgraphical_user_interface
7.60
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2992269
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
https://launchpad.support.sap.com/#/notes/2992269
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476