CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38150
https://notcve.org/view.php?id=CVE-2021-38150
14 Sep 2021 — When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid. Cuando un atacante consigue acceder a la memoria local, o al volcado de memoria de una víctima, por ejemplo mediante un ataque de ingeniería social, SAP Busi... • https://launchpad.support.sap.com/#/notes/3060621 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6244
https://notcve.org/view.php?id=CVE-2020-6244
12 May 2020 — SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. SAP Business Client, versión 7.0, permite a un atacante, después de un ataque exitoso de ingeniería social, inyectar código malicioso ya que un archivo DLL en directorios no confiables puede ser ejecut... • https://launchpad.support.sap.com/#/notes/2911801 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6228
https://notcve.org/view.php?id=CVE-2020-6228
14 Apr 2020 — SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer. SAP Business Client, versiones 6.5, 7.0, no lleva a cabo las comprobaciones de integridad necesarias que podrían ser explotadas por un atacante bajo determinadas condiciones para modificar el instalador. • https://launchpad.support.sap.com/#/notes/2866752 • CWE-354: Improper Validation of Integrity Check Value •