CVE-2024-39600
[CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 Jul 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Under certain conditions, the memory of SAP GUI
for Windows contains the password used to log on to an SAP system, which might
allow an attacker to get hold of the password and impersonate the affected
user. As a result, it has a high impact on the confidentiality but there is no
impact on the integrity and availability.
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Affected products
SAP_SE · SAP GUI for WindowsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →