Vulnerabilities > SAP > GUI FOR Windows

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2023-32113 Information Exposure vulnerability in SAP GUI for Windows
SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file.
network
low complexity
sap CWE-200
critical
9.3
2021-11-10 CVE-2021-40503 Insufficiently Protected Credentials vulnerability in SAP GUI for Windows
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password.
local
low complexity
sap CWE-522
7.8
2021-05-11 CVE-2021-27612 Open Redirect vulnerability in SAP GUI for Windows 7.60/7.70
In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.
network
low complexity
sap CWE-601
6.1
2017-03-23 CVE-2017-6950 Incorrect Permission Assignment for Critical Resource vulnerability in SAP GUI for Windows
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616.
network
low complexity
sap CWE-732
critical
9.8