CVE-2020-6244

CWE-4273 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 78.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business ClientSAP Business Client
Timeline
PublishedMay 12
Latest updateMay 24

Description

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsap/business_client6.0, 6.5, 7.0+2

🔴Vulnerability Details

2
GHSA
GHSA-4wrg-fcqh-8cg6: SAP Business Client, version 72022-05-24
CVEList
CVE-2020-6244: SAP Business Client, version 72020-05-12
CVE-2020-6244 (HIGH CVSS 7.8) | SAP Business Client | cvebase.io