CVE-2020-6244

Name of the Vulnerable Software and Affected Versions SAP Business Client version 7.0

Description The issue allows an attacker, after a successful social engineering attack, to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to an uncontrolled search path element. This could enable the attacker to control the behavior of the application.

Recommendations For SAP Business Client version 7.0, consider restricting the execution of DLL files from untrusted directories to minimize the risk of exploitation. As a temporary workaround, ensure that all directories where the application searches for DLLs are trusted and properly secured. At the moment, there is no information about a newer version that contains a fix for this vulnerability.