Information disclosure

2021-11-1016:15:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.

CPENameOperatorVersion
gui_for_windowseq7.60 patch-level1
gui_for_windowseq7.60 patch-level2
gui_for_windowseq7.60 patch-level3
gui_for_windowseq7.60 patch-level4
gui_for_windowseq7.60 patch-level5
gui_for_windowseq7.60 patch-level6
gui_for_windowseq7.60
gui_for_windowseq7.60 patch-level7
gui_for_windowseq7.60 patch-level8
gui_for_windowseq7.60 patchlevel8hotfix1

Name	Operator	Version
gui_for_windows	eq	7.60 patch-level1
gui_for_windows	eq	7.60 patch-level2
gui_for_windows	eq	7.60 patch-level3
gui_for_windows	eq	7.60 patch-level4
gui_for_windows	eq	7.60 patch-level5
gui_for_windows	eq	7.60 patch-level6
gui_for_windows	eq	7.60
gui_for_windows	eq	7.60 patch-level7
gui_for_windows	eq	7.60 patch-level8
gui_for_windows	eq	7.60 patchlevel8hotfix1