cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-39600,https://securityvulnerability.io/vulnerability/CVE-2024-39600,SAP GUI Password Vulnerability Could Lead to Password Impersonation,"Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on the confidentiality but there is no impact on the integrity and availability.",SAP,SAP Gui For Windows,5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-09T04:19:47.498Z,0
CVE-2024-22125,https://securityvulnerability.io/vulnerability/CVE-2024-22125,Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge),"The Microsoft Edge browser extension for the SAP GUI connector, version 1.0, is vulnerable under specific conditions, allowing attackers to obtain access to sensitive information that should be restricted. This vulnerability raises significant concerns regarding data confidentiality and may lead to unauthorized exposure of sensitive organizational data. Users and organizations are advised to apply necessary mitigations and ensure their systems are updated to mitigate potential risks.",SAP,Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge),7.4,HIGH,0.0013200000394135714,false,false,false,false,,false,false,2024-01-09T02:15:00.000Z,0
CVE-2023-49580,https://securityvulnerability.io/vulnerability/CVE-2023-49580,Information disclosure in SAP GUI for Windows and SAP GUI for Java,"The SAP GUI for Windows and Java, specifically versions SAP_BASIS 755, 756, 757, and 758, are susceptible to a vulnerability that allows an unauthorized attacker to gain access to sensitive, restricted information. This breach can lead to the creation of custom Layout configurations in the ABAP List Viewer, which could adversely affect both the integrity and availability of the service. An attacker may exploit this vulnerability to manipulate system response times, leading to potential disruptions in service.",SAP,SAP Gui For Windows And SAP Gui For Java,7.3,HIGH,0.000859999970998615,false,false,false,false,,false,false,2023-12-12T02:15:00.000Z,0
CVE-2023-32113,https://securityvulnerability.io/vulnerability/CVE-2023-32113,Information Disclosure vulnerability in SAP GUI for Windows,"The vulnerability in SAP GUI for Windows versions 7.70 and 8.0 allows unauthorized attackers to exploit NTLM authentication information. This occurs when a victim unwittingly clicks on a specially crafted shortcut file. If the victim possesses certain authorizations, the attacker may gain access to, read, or modify sensitive information following successful exploitation.",SAP,SAP Gui For Windows,9.3,CRITICAL,0.0017800000496208668,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2022-41205,https://securityvulnerability.io/vulnerability/CVE-2022-41205,,"SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. ",SAP,SAP Gui For Windows,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-39799,https://securityvulnerability.io/vulnerability/CVE-2022-39799,,"An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.",SAP,SAP Netweaver As Abap (SAP Gui For Html Within The Fiori LauncHPad),6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2022-09-13T15:43:40.000Z,0
CVE-2021-40503,https://securityvulnerability.io/vulnerability/CVE-2021-40503,,"An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.",SAP,SAP Gui For Windows,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-11-10T15:27:28.000Z,0
CVE-2021-33665,https://securityvulnerability.io/vulnerability/CVE-2021-33665,,"SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Netweaver Application Server Abap (applications Based On SAP Gui For Html),5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-06-09T13:33:13.000Z,0
CVE-2021-27612,https://securityvulnerability.io/vulnerability/CVE-2021-27612,,"In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.",SAP,SAP Gui For Windows,3.4,LOW,0.0008399999933317304,false,false,false,false,,false,false,2021-05-11T14:19:33.000Z,0
CVE-2021-21448,https://securityvulnerability.io/vulnerability/CVE-2021-21448,,"SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on the client PC and not via Network and the attacker needs at least user authorization of the Operating System user of the victim.",SAP,SAP Gui For Windows,5.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2021-01-12T14:40:29.000Z,0
CVE-2019-0365,https://securityvulnerability.io/vulnerability/CVE-2019-0365,,"SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.",SAP,"SAP Kernel (krnl32nuc),SAP Kernel (krnl32uc),SAP Kernel (krnl64nuc),SAP Kernel (krnl64uc),SAP Kernel (kernel),SAP Gui For Windows (bc-fes-gui),SAP Gui For Java (bc-fes-jav)",7.5,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2019-09-10T16:15:26.000Z,0
CVE-2008-4830,https://securityvulnerability.io/vulnerability/CVE-2008-4830,,Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.,SAP,SAP Gui,,,0.5598199963569641,false,false,false,false,,false,false,2009-04-16T15:00:00.000Z,0
CVE-2008-4827,https://securityvulnerability.io/vulnerability/CVE-2008-4827,,"Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.",SAP,"Tabone,SAP Gui,Tsc2 Help Desk,Sizerone",,,0.686680018901825,false,false,false,false,,false,false,2009-01-08T19:00:00.000Z,0