Описание
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.
Ссылки
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:business_client:6.0:-:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level1:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level10:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level11:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level12:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level13:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level14:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level15:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level16:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level17:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level2:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level3:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level4:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level5:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level6:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level7:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level8:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.0:patch_level9:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:-:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level1:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level10:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level11:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level12:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level13:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level14:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level15:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level16:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level17:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level18:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level19:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level2:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level20:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level21:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level22:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level3:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level4:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level5:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level6:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level7:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level8:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:6.5:patch_level9:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:7.0:-:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:7.0:patch_level1:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:7.0:patch_level2:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:7.0:patch_level3:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:7.0:patch_level4:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:7.0:patch_level5:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:7.0:patch_level6:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:7.0:patch_level7:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:7.0:patch_level8:*:*:*:*:*:*
cpe:2.3:a:sap:business_client:7.0:patch_level9:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00071
Низкий
7 High
CVSS3
7.8 High
CVSS3
4.4 Medium
CVSS2
Дефекты
CWE-427
CWE-427
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.
EPSS
Процентиль: 22%
0.00071
Низкий
7 High
CVSS3
7.8 High
CVSS3
4.4 Medium
CVSS2
Дефекты
CWE-427
CWE-427