SAP GUI Authentication Vulnerability Exposes Local Network to Script Execution
CVE-2022-41205

5.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Gui For Windows
Vendor: CVE Published:; 8 November 2022

Summary

SAP GUI contains a vulnerability that permits authenticated attackers to execute scripts within the local network environment. Successful exploitation of this vulnerability allows attackers to access sensitive registry information, potentially compromising the application's availability. This security flaw underscores the necessity for organizations to implement robust security practices and monitor their SAP systems vigilantly.

Affected Version(s)

SAP GUI for Windows = 7.70

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3237251

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2022
Vulnerability Reserved
Sep 21, 2022