CVE-2024-39600

Under certain conditions, the memory of SAP GUI
for Windows contains the password used to log on to an SAP system, which might
allow an attacker to get hold of the password and impersonate the affected
user. As a result, it has a high impact on the confidentiality but there is no
impact on the integrity and availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
sapCNA
5 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
sapgui_for_windows
8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://me.sap.com/notes/3461110
https://url.sap/sapsecuritypatchday
https://me.sap.com/notes/3461110
https://url.sap/sapsecuritypatchday