
CVE-2021-40503

 

Severity Score: 7.8 (CVSS v3.1)

Public Exploits: 0 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: - (SSVC)

Descriptions

An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.


*Credits: N/A
CVSS Scores
CVSS v3.1
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-09-03 CVE Reserved
  • 2021-11-10 CVE Published
  • 2023-06-03 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-522: Insufficiently Protected Credentials
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor  Product          Version  Other                 Status
Sap     Gui For Windows  < 7.60   -                     Affected
Sap     Gui For Windows  7.60     -                     Affected
Sap     Gui For Windows  7.60     patch_level1          Affected
Sap     Gui For Windows  7.60     patch_level10         Affected
Sap     Gui For Windows  7.60     patch_level11         Affected
Sap     Gui For Windows  7.60     patch_level12         Affected
Sap     Gui For Windows  7.60     patch_level2          Affected
Sap     Gui For Windows  7.60     patch_level3          Affected
Sap     Gui For Windows  7.60     patch_level4          Affected
Sap     Gui For Windows  7.60     patch_level5          Affected
Sap     Gui For Windows  7.60     patch_level6          Affected
Sap     Gui For Windows  7.60     patch_level7          Affected
Sap     Gui For Windows  7.60     patch_level8          Affected
Sap     Gui For Windows  7.60     patch_level8_hotfix1  Affected
Sap     Gui For Windows  7.60     patch_level9          Affected
Sap     Gui For Windows  7.70     -                     Affected
Sap     Gui For Windows  7.70     patch_level1          Affected
Sap     Gui For Windows  7.70     patch_level2          Affected
Sap     Gui For Windows  7.70     patch_level3          Affected