PT-2026-24159 · Sap · Sap Gui For Windows
Published
2026-03-10
·
Updated
2026-03-10
·
CVE-2026-24317
CVSS v3.1
5.0
Medium
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
SAP GUI for Windows (affected versions not specified)
Description
SAP GUI for Windows permits the loading of DLL files from arbitrary directories within the application. An unauthenticated attacker could exploit this by convincing a victim to place a malicious DLL in one of these directories. The malicious command is executed in the victim user's context if GuiXT is enabled. This impacts the confidentiality, integrity, and availability of the system.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Gui For Windows