Sap Gui For Windows vulnerabilities

CVE-2024-39600 [MEDIUM] CWE-200 CVE-2024-39600: Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on the confidentiality but there is no impact on the integrity and availability.

CVE-2023-32113 [HIGH] CWE-200 CVE-2023-32113: SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.

CVE-2021-40503 [HIGH] CWE-522 CVE-2021-40503: An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 P An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows

CVE-2021-27612 [MEDIUM] CWE-601 CVE-2021-27612: In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user t In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.

CVE-2017-6950 [CRITICAL] CWE-732 CVE-2017-6950: SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.