CVE-2021-38150

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
sapCNA
6.1 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
sapbusiness_client
6.0
sapbusiness_client
6.0:patch_level1
sapbusiness_client
6.0:patch_level10
sapbusiness_client
6.0:patch_level11
sapbusiness_client
6.0:patch_level12
sapbusiness_client
6.0:patch_level13
sapbusiness_client
6.0:patch_level14
sapbusiness_client
6.0:patch_level15
sapbusiness_client
6.0:patch_level16
sapbusiness_client
6.0:patch_level17
sapbusiness_client
6.0:patch_level2
sapbusiness_client
6.0:patch_level3
sapbusiness_client
6.0:patch_level4
sapbusiness_client
6.0:patch_level5
sapbusiness_client
6.0:patch_level6
sapbusiness_client
6.0:patch_level7
sapbusiness_client
6.0:patch_level8
sapbusiness_client
6.0:patch_level9
sapbusiness_client
6.5
sapbusiness_client
6.5:patch_level1
sapbusiness_client
6.5:patch_level10
sapbusiness_client
6.5:patch_level11
sapbusiness_client
6.5:patch_level12
sapbusiness_client
6.5:patch_level13
sapbusiness_client
6.5:patch_level14
sapbusiness_client
6.5:patch_level15
sapbusiness_client
6.5:patch_level16
sapbusiness_client
6.5:patch_level17
sapbusiness_client
6.5:patch_level18
sapbusiness_client
6.5:patch_level19
sapbusiness_client
6.5:patch_level2
sapbusiness_client
6.5:patch_level20
sapbusiness_client
6.5:patch_level21
sapbusiness_client
6.5:patch_level22
sapbusiness_client
6.5:patch_level3
sapbusiness_client
6.5:patch_level4
sapbusiness_client
6.5:patch_level5
sapbusiness_client
6.5:patch_level6
sapbusiness_client
6.5:patch_level7
sapbusiness_client
6.5:patch_level8
sapbusiness_client
6.5:patch_level9
sapbusiness_client
7.0
sapbusiness_client
7.0:patch_level1
sapbusiness_client
7.0:patch_level10
sapbusiness_client
7.0:patch_level11
sapbusiness_client
7.0:patch_level12
sapbusiness_client
7.0:patch_level13
sapbusiness_client
7.0:patch_level14
sapbusiness_client
7.0:patch_level15
sapbusiness_client
7.0:patch_level16
sapbusiness_client
7.0:patch_level17
sapbusiness_client
7.0:patch_level18
sapbusiness_client
7.0:patch_level19
sapbusiness_client
7.0:patch_level2
sapbusiness_client
7.0:patch_level20
sapbusiness_client
7.0:patch_level3
sapbusiness_client
7.0:patch_level4
sapbusiness_client
7.0:patch_level5
sapbusiness_client
7.0:patch_level6
sapbusiness_client
7.0:patch_level7
sapbusiness_client
7.0:patch_level8
sapbusiness_client
7.0:patch_level9
sapbusiness_client
7.70
sapbusiness_client
7.70:patch_level1
sapbusiness_client
7.70:patch_level2
sapbusiness_client
7.70:patch_level3
sapbusiness_client
7.70:patch_level4
sapbusiness_client
7.70:patch_level5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/3060621
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
https://launchpad.support.sap.com/#/notes/3060621
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405