When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.
Max CVSS
6.5
EPSS Score
0.16%
Published
2021-09-14
Updated
2022-07-12
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.
Max CVSS
7.8
EPSS Score
0.07%
Published
2020-05-12
Updated
2020-05-18
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.
Max CVSS
7.5
EPSS Score
0.09%
Published
2020-04-14
Updated
2020-04-15
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.
Max CVSS
7.5
EPSS Score
0.16%
Published
2018-03-14
Updated
2020-08-24
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!