Insecure Method Vulnerability in SAP GUI ActiveX Control
CVE-2008-4830

Currently unrated

Key Information:

Vendor: SAP
Status: Vendor
CVE Published: 16 April 2009

Summary

The KWEdit ActiveX control in SAP GUI 6.40 Patch 29 and 7.10 Patch 5 exposes insecure methods that remote attackers can exploit to perform unauthorized file operations. The SaveDocumentAs method allows attackers to overwrite arbitrary files, and the OpenDocument method allows them to read and execute arbitrary files. This is a significant risk to confidentiality and integrity, so users of the affected versions should implement mitigations.

EPSS Score

53% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
