Memory Dump Vulnerability in SAP Business Client Versions 7.0 and 7.70: Exposing Sensitive Data and Credential Compromise

Memory Dump Vulnerability in SAP Business Client Versions 7.0 and 7.70: Exposing Sensitive Data and Credential Compromise

CVE-2021-38150 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.

Learn more about our Social Engineering.