CVE-2020-6244

HIGH

SAP Business Client 7.0 - Code Injection

Title source: llm

Description

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.

References (2)

[Permissions Required] https://launchpad.support.sap.com/#/notes/2911801

[Vendor Advisory] https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 21.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (50)

sap/business_client

... and 35 more

Timeline

Published May 12, 2020

Tracked Since Feb 18, 2026