Description
SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Affected products
- SAP_SE / SAP GUI for Windows<= 7.70 – <= 7.70
- SAP_SE / SAP GUI for Windows7.70 PL0 – 7.70 PL11
- SAP_SE / SAP GUI for Windows8.00 PL0 – 8.00 PL1