CVE-2021-38150 — Vulnetix

CVE-2021-38150 PUBLISHED CVSS 6.099999904632568 MEDIUM

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.

EPSS 0.13% · 31.8th percentile

Risk Scores

CVSS v3.0

6.099999904632568

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS Score

0.13%

31.8th percentile

Affected Products

Vendor	Product	Versions
sap	business_client	6.0, 6.0, 6.0
SAP SE	SAP Business Client	< 7.0, < 7.70

Timeline

Sep 14, 2021 CVE Published
Sep 15, 2021 EPSS Score
Nov 11, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 8, 2022 EPSS Score
Mar 6, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 3, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 26, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 19, 2022 EPSS Score

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 advisory
https://launchpad.support.sap.com/#/notes/3060621 url
https://nvd.nist.gov/vuln/detail/CVE-2021-38150 advisory

Open in Interactive Console →