CVE-2021-40503

An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user's password. With this highly sensitive data leaked, the attacker would be able to log on to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.

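| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.8 HIGH | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| sap | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
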
EPSS Score Percentile: 27%

| Vendor | Product | Version |
|---|---|---|
| sap | gui_for_windows | 𝑥 < 7.60 |
| sap | gui_for_windows | 7.60 |
| sap | gui_for_windows | 7.60:patch_level1 |
| sap | gui_for_windows | 7.60:patch_level10 |
| sap | gui_for_windows | 7.60:patch_level11 |
| sap | gui_for_windows | 7.60:patch_level12 |
| sap | gui_for_windows | 7.60:patch_level2 |
| sap | gui_for_windows | 7.60:patch_level3 |
| sap | gui_for_windows | 7.60:patch_level4 |
| sap | gui_for_windows | 7.60:patch_level5 |
| sap | gui_for_windows | 7.60:patch_level6 |
| sap | gui_for_windows | 7.60:patch_level7 |
| sap | gui_for_windows | 7.60:patch_level8 |
| sap | gui_for_windows | 7.60:patch_level8_hotfix1 |
| sap | gui_for_windows | 7.60:patch_level9 |
| sap | gui_for_windows | 7.70 |
| sap | gui_for_windows | 7.70:patch_level1 |
| sap | gui_for_windows | 7.70:patch_level2 |
| sap | gui_for_windows | 7.70:patch_level3 |

𝑥 = Vulnerable software versions