Severity
6.5 MEDIUM
EPSS
0.1%
top 67.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 14
Latest update: May 24

Description

When an attacker manages to get access to the local memory, or a memory dump, of a victim, for example through a social engineering attack, SAP Business Client versions 7.0 and 7.70 allow the attacker to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: sap_se/sap_business_client < 7.0 (+1)
NVD: sap/business_client, 4 versions (+3)

🔴 Vulnerability Details (2)

GHSA
GHSA-5qm4-cm2h-3cgf (2022-05-24): When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business C
CVEList
CVE-2021-38150 (2021-09-14): When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business C
CVE-2021-38150 (MEDIUM CVSS 6.5) | When an attacker manages to get acc | cvebase.io