Description
In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- SAP_SE / SAP GUI for Windows< 7.60 PL10 – < 7.60 PL10
- SAP_SE / SAP GUI for Windows< 7.70 PL1 – < 7.70 PL1