Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38150 | 1 Sap | 1 Business Client | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid. | |||||
CVE-2018-2398 | 1 Sap | 1 Business Client | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. | |||||
CVE-2020-6244 | 1 Sap | 1 Business Client | 2020-05-18 | 4.4 MEDIUM | 7.8 HIGH |
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. | |||||
CVE-2020-6228 | 1 Sap | 1 Business Client | 2020-04-15 | 4.3 MEDIUM | 7.5 HIGH |
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer. |