VDB

CVE-2021-40503

CVE-2021-40503 PUBLISHED CVSS 7.800000190734863 HIGH

An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.

EPSS 0.04% · 12.9th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.04%
12.9th percentile

Affected Products

VendorProductVersions
sapgui_for_windows0, 7.60, 7.60
SAP SESAP GUI for Windows*, *

Exploit Intelligence

Timeline

  • Nov 10, 2021 CVE Published
  • Nov 11, 2021 EPSS Score
  • Nov 18, 2021 EPSS Score
  • Nov 30, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 2, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 27, 2022 EPSS Score
  • Jun 21, 2022 EPSS Score
  • Aug 17, 2022 EPSS Score
  • Dec 6, 2022 EPSS Score
  • Jan 30, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›