cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-39600,https://securityvulnerability.io/vulnerability/CVE-2024-39600,SAP GUI Password Vulnerability Could Lead to Password Impersonation,"Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on the confidentiality but there is no impact on the integrity and availability.",SAP,SAP Gui For Windows,5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-09T04:19:47.498Z,0
CVE-2023-49580,https://securityvulnerability.io/vulnerability/CVE-2023-49580,Information disclosure in SAP GUI for Windows and SAP GUI for Java,"The SAP GUI for Windows and Java, specifically versions SAP_BASIS 755, 756, 757, and 758, are susceptible to a vulnerability that allows an unauthorized attacker to gain access to sensitive, restricted information. This breach can lead to the creation of custom Layout configurations in the ABAP List Viewer, which could adversely affect both the integrity and availability of the service. An attacker may exploit this vulnerability to manipulate system response times, leading to potential disruptions in service.",SAP,SAP Gui For Windows And SAP Gui For Java,7.3,HIGH,0.000859999970998615,false,false,false,false,,false,false,2023-12-12T02:15:00.000Z,0
CVE-2023-32113,https://securityvulnerability.io/vulnerability/CVE-2023-32113,Information Disclosure vulnerability in SAP GUI for Windows,"The vulnerability in SAP GUI for Windows versions 7.70 and 8.0 allows unauthorized attackers to exploit NTLM authentication information. This occurs when a victim unwittingly clicks on a specially crafted shortcut file. If the victim possesses certain authorizations, the attacker may gain access to, read, or modify sensitive information following successful exploitation.",SAP,SAP Gui For Windows,9.3,CRITICAL,0.0017800000496208668,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2022-41205,https://securityvulnerability.io/vulnerability/CVE-2022-41205,,"SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. ",SAP,SAP Gui For Windows,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2021-40503,https://securityvulnerability.io/vulnerability/CVE-2021-40503,,"An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.",SAP,SAP Gui For Windows,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-11-10T15:27:28.000Z,0
CVE-2021-27612,https://securityvulnerability.io/vulnerability/CVE-2021-27612,,"In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.",SAP,SAP Gui For Windows,3.4,LOW,0.0008399999933317304,false,false,false,false,,false,false,2021-05-11T14:19:33.000Z,0
CVE-2021-21448,https://securityvulnerability.io/vulnerability/CVE-2021-21448,,"SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on the client PC and not via Network and the attacker needs at least user authorization of the Operating System user of the victim.",SAP,SAP Gui For Windows,5.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2021-01-12T14:40:29.000Z,0
CVE-2019-0365,https://securityvulnerability.io/vulnerability/CVE-2019-0365,,"SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.",SAP,"SAP Kernel (krnl32nuc),SAP Kernel (krnl32uc),SAP Kernel (krnl64nuc),SAP Kernel (krnl64uc),SAP Kernel (kernel),SAP Gui For Windows (bc-fes-gui),SAP Gui For Java (bc-fes-jav)",7.5,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2019-09-10T16:15:26.000Z,0
CVE-2017-6950,https://securityvulnerability.io/vulnerability/CVE-2017-6950,,"SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.",SAP,Gui For Windows,9.8,CRITICAL,0.19487999379634857,false,false,false,false,,false,false,2017-03-23T20:00:00.000Z,0