CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-38150

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.1%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://launchpad.support.sap.com/#/notes/3060621
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
https://launchpad.support.sap.com/#/notes/3060621
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405

Products affected by CVE-2021-38150

Sap » Business Client » Version: 6.0

cpe:2.3:a:sap:business_client:6.0
Sap » Business Client » Version: 6.5

cpe:2.3:a:sap:business_client:6.5
Sap » Business Client » Version: 7.0

cpe:2.3:a:sap:business_client:7.0
Sap » Business Client » Version: 7.70

cpe:2.3:a:sap:business_client:7.70

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-38150

Products

Pricing

Contact Us