Insecure Method Vulnerability in SAP GUI ActiveX Control
CVE-2008-4830

Currently unrated

Key Information:

Vendor: SAP

CVE Published: 16 April 2009

What is CVE-2008-4830?

The KWEdit ActiveX control in SAP GUI versions 6.40 Patch 29 and 7.10 Patch 5 contains an insecure method vulnerability that remote attackers can exploit. The control exposes file-handling methods that permit unauthorized file operations: the SaveDocumentAs method lets an attacker overwrite arbitrary files, and the OpenDocument method lets an attacker read and execute arbitrary files. This presents a significant risk to confidentiality and integrity, so affected users should implement mitigations.

EPSS Score

62% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
