CVE-2021-27612

In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
sapCNA
3.4 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
sapgui_for_windows
7.60
sapgui_for_windows
7.60:patch_level1
sapgui_for_windows
7.60:patch_level2
sapgui_for_windows
7.60:patch_level3
sapgui_for_windows
7.60:patch_level4
sapgui_for_windows
7.60:patch_level5
sapgui_for_windows
7.60:patch_level6
sapgui_for_windows
7.60:patch_level7
sapgui_for_windows
7.60:patch_level8
sapgui_for_windows
7.60:patch_level8_hotfix1
sapgui_for_windows
7.60:patch_level9
sapgui_for_windows
7.70
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/3023078
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655
https://launchpad.support.sap.com/#/notes/3023078
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655