SAP GUI for Windows memory exposure of login password
CVE-2024-39600 Published on July 9, 2024

[CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows
Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on the confidentiality but there is no impact on the integrity and availability.

NVD

Vulnerability Analysis

CVE-2024-39600 is exploitable with local system access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
HIGH
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2024-39600 has been classified to as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2024-39600

Want to know whenever a new CVE is published for SAP Gui For Windows? stack.watch will email you.

SAP Gui For Windows
 

Affected Versions

SAP_SE SAP GUI for Windows Version BC-FES-GUI 8 is affected by CVE-2024-39600

Exploit Probability

EPSS
0.09%
Percentile
24.89%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.