History: Jan 12, 2021 - 2:40 p.m.

CVE-2021-21448

2021-01-12 14:40:29
sap
www.cve.org
5
sap gui
windows
spoofing
logon credentials
local attacker
information disclosure

CVSS3: 5.3

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

AI Score: 6.5
Confidence: High

EPSS: 0
Percentile: 12.6%

SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PC's memory. Under certain conditions, the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on the client PC and not via the network, and the attacker needs at least the user authorization of the victim's operating system user.

CNA Affected

[
  {
    "product": "SAP GUI FOR WINDOWS",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.60"
      }
    ]
  }
]
