PT-2021-22910 · Sap · Sap Gui For Windows

Published

2021-11-10

Updated

2021-11-29

CVE-2021-40503

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP GUI for Windows versions prior to 7.60 PL13 SAP GUI for Windows versions prior to 7.70 PL4

Description An information disclosure issue exists, allowing an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user's password. This leaked data could enable the attacker to logon to the backend system connected to the SAP GUI for Windows and launch further attacks, depending on the user's authorizations.

Recommendations For SAP GUI for Windows versions prior to 7.60 PL13, update to version 7.60 PL13 or later. For SAP GUI for Windows versions prior to 7.70 PL4, update to version 7.70 PL4 or later.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2021-40503

Affected Products

Sap Gui For Windows

PT-2021-22910 · Sap · Sap Gui For Windows

CVE-2021-40503

Weakness Enumeration

Related Identifiers

Affected Products

References · 5