SAP SE SAP GUI for Windows vulnerabilities
13 known vulnerabilities affecting sap_se/sap_gui_for_windows.
Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 10
Vulnerabilities
CVE-2025-42888 | MEDIUM | CVSS 5.5 | CWE-316 | vBC-FES-GUI 8.00 | v8.10 | 2025-11-11
SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime. This vulnerability has a high impact on confidentiality, with no impact on integrity and availability.
Sources: cvelistv5, nvd
CVE-2025-42943 | MEDIUM | CVSS 4.5 | CWE-250 | vBC-FES-GUI 8.00 | 2025-08-12
SAP GUI for Windows may allow the leak of NTLM hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM au
Sources: cvelistv5, nvd
CVE-2025-42979 | MEDIUM | CVSS 5.6 | CWE-922 | vBC-FES-GUI 8.00 | 2025-07-08
The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user's Windows registry could recreate the orig
Sources: cvelistv5, nvd
CVE-2025-43005 | MEDIUM | CVSS 4.3 | CWE-256 | vBC-FES-GUI 8.00 | 2025-05-13
SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.
Sources: cvelistv5, nvd
CVE-2025-24870 | MEDIUM | CVSS 6.0 | CWE-921 | vBC-FES-GUI 8.00 | 2025-02-11
SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive information. This has no impact on integrity, and availability.
Sources: cvelistv5, nvd
CVE-2025-0055 | MEDIUM | CVSS 6.0 | CWE-497 | vBC-FES-GUI 8.0 | 2025-01-14
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim's user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-c
Sources: cvelistv5, nvd
CVE-2024-39600 | MEDIUM | CVSS 4.2 | CWE-200 | vBC-FES-GUI 8 | 2024-07-09
Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on the confidentiality but there is no impact on the integrity and availability.
Sources: cvelistv5, nvd
CVE-2023-32113 | CRITICAL | CVSS 9.3 | CWE-200 | ≤ 7.70 | ≥ 7.70 PL0, ≤ 7.70 PL11 | +1 more | 2023-05-09
SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.
Sources: cvelistv5, nvd
CVE-2022-41205 | MEDIUM | CVSS 6.1 | CWE-94 | v= 7.70 | 2022-11-08
SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application.
Sources: cvelistv5, nvd
CVE-2021-40503 | HIGH | CVSS 7.8 | CWE-522 | fixed in 7.60 PL13 | fixed in 7.70 PL4 | 2021-11-10
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows
Sources: cvelistv5, nvd
CVE-2021-27612 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 7.60 PL10 | fixed in 7.70 PL1 | 2021-05-11
In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.
Sources: cvelistv5, nvd
CVE-2021-21448 | MEDIUM | CVSS 6.5 | fixed in 7.60 | 2021-01-12
SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PC's memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on the client PC and not via Network and the attacker needs at leas
Sources: cvelistv5, nvd
CVE-2019-0365 | HIGH | CVSS 7.5 | fixed in 7.5 | fixed in 7.6 | 2019-09-10
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent
Sources: cvelistv5, nvd