CVE-2021-38150

Опубликовано: 14 сент. 2021

Источник: nvd

CVSS3: 6.1

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.

Ссылки

https://launchpad.support.sap.com/#/notes/3060621
Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
Vendor Advisory
https://launchpad.support.sap.com/#/notes/3060621
Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:business_client:6.0:-:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level1:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level10:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level11:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level12:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level13:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level14:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level15:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level16:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level17:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level2:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level3:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level4:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level5:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level6:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level7:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level8:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.0:patch_level9:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:-:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level1:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level10:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level11:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level12:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level13:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level14:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level15:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level16:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level17:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level18:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level19:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level2:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level20:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level21:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level22:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level3:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level4:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level5:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level6:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level7:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level8:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:6.5:patch_level9:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:-:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level1:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level10:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level11:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level12:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level13:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level14:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level15:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level16:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level17:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level18:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level19:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level2:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level20:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level3:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level4:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level5:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level6:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level7:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level8:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.0:patch_level9:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.70:-:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.70:patch_level1:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.70:patch_level2:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.70:patch_level3:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.70:patch_level4:*:*:*:*:*:*

cpe:2.3:a:sap:business_client:7.70:patch_level5:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00128

Низкий

6.1 Medium

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-312

Связанные уязвимости

GHSA-5qm4-cm2h-3cgf

CVSS3: 6.5

github

больше 3 лет назад

EPSS

Процентиль: 33%

0.00128

Низкий

6.1 Medium

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-312