Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-40503

An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.

Published

2021-11-10T16:15:08.757

Last Modified

2024-11-21T06:24:16.697

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-522
  • Type: Secondary
    CWE-522
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap gui_for_windows < 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.60 Yes
Application sap gui_for_windows 7.70 Yes
Application sap gui_for_windows 7.70 Yes
Application sap gui_for_windows 7.70 Yes
Application sap gui_for_windows 7.70 Yes
References