VYPR
Unrated severityNVD Advisory· Published Nov 10, 2021· Updated Aug 4, 2024

CVE-2021-40503

CVE-2021-40503

Description

An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.

Affected products

2
  • Range: <7.60 PL13, <7.70 PL4
  • SAP SE/SAP GUI for Windowsv5
    Range: < 7.60 PL13

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.