CVE-2021-40503
HIGHSAP GUI for Windows <7.60 PL13, 7.70 PL4 - Info Disclosure
Title source: llmDescription
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3080106
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
12.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (3)
sap/gui_for_windows
7.60 (14 CPE variants)
sap/gui_for_windows
7.70 (4 CPE variants)
sap/gui_for_windows
< 7.60
Published
Nov 10, 2021
Tracked Since
Feb 18, 2026