← voltar
CVE-2021-40503

CVE-2021-40503

EPSS 0.2%CWE-522
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 nov 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.
Produtos afetados
SAP SE · SAP GUI for Windows

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://launchpad.support.sap.com/#/notes/3080106https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864