Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Information Disclosure in SAP GUI for Windows
Vulnerability Description
SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM authentication, potentially exposing hashed credentials to an attacker. As a result, it has a high impact on the confidentiality.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
带着不必要的权限执行
Vulnerability Title
SAP GUI for Windows 安全漏洞
Vulnerability Description
SAP GUI for Windows是德国思爱普(SAP)公司的一款用于Windows的界面图形软件。 SAP GUI for Windows存在安全漏洞,该漏洞源于调用特定ABAP前端服务时可能泄露NTML哈希。
CVSS Information
N/A
Vulnerability Type
N/A