When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Business_client | Sap | 6.0 (including) | 6.0 (including) |
| Business_client | Sap | 6.0-patch_level1 (including) | 6.0-patch_level1 (including) |
| Business_client | Sap | 6.0-patch_level10 (including) | 6.0-patch_level10 (including) |
| Business_client | Sap | 6.0-patch_level11 (including) | 6.0-patch_level11 (including) |
| Business_client | Sap | 6.0-patch_level12 (including) | 6.0-patch_level12 (including) |
| Business_client | Sap | 6.0-patch_level13 (including) | 6.0-patch_level13 (including) |
| Business_client | Sap | 6.0-patch_level14 (including) | 6.0-patch_level14 (including) |
| Business_client | Sap | 6.0-patch_level15 (including) | 6.0-patch_level15 (including) |
| Business_client | Sap | 6.0-patch_level16 (including) | 6.0-patch_level16 (including) |
| Business_client | Sap | 6.0-patch_level17 (including) | 6.0-patch_level17 (including) |
| Business_client | Sap | 6.0-patch_level2 (including) | 6.0-patch_level2 (including) |
| Business_client | Sap | 6.0-patch_level3 (including) | 6.0-patch_level3 (including) |
| Business_client | Sap | 6.0-patch_level4 (including) | 6.0-patch_level4 (including) |
| Business_client | Sap | 6.0-patch_level5 (including) | 6.0-patch_level5 (including) |
| Business_client | Sap | 6.0-patch_level6 (including) | 6.0-patch_level6 (including) |
| Business_client | Sap | 6.0-patch_level7 (including) | 6.0-patch_level7 (including) |
| Business_client | Sap | 6.0-patch_level8 (including) | 6.0-patch_level8 (including) |
| Business_client | Sap | 6.0-patch_level9 (including) | 6.0-patch_level9 (including) |
| Business_client | Sap | 6.5 (including) | 6.5 (including) |
| Business_client | Sap | 6.5-patch_level1 (including) | 6.5-patch_level1 (including) |
| Business_client | Sap | 6.5-patch_level10 (including) | 6.5-patch_level10 (including) |
| Business_client | Sap | 6.5-patch_level11 (including) | 6.5-patch_level11 (including) |
| Business_client | Sap | 6.5-patch_level12 (including) | 6.5-patch_level12 (including) |
| Business_client | Sap | 6.5-patch_level13 (including) | 6.5-patch_level13 (including) |
| Business_client | Sap | 6.5-patch_level14 (including) | 6.5-patch_level14 (including) |
| Business_client | Sap | 6.5-patch_level15 (including) | 6.5-patch_level15 (including) |
| Business_client | Sap | 6.5-patch_level16 (including) | 6.5-patch_level16 (including) |
| Business_client | Sap | 6.5-patch_level17 (including) | 6.5-patch_level17 (including) |
| Business_client | Sap | 6.5-patch_level18 (including) | 6.5-patch_level18 (including) |
| Business_client | Sap | 6.5-patch_level19 (including) | 6.5-patch_level19 (including) |
| Business_client | Sap | 6.5-patch_level2 (including) | 6.5-patch_level2 (including) |
| Business_client | Sap | 6.5-patch_level20 (including) | 6.5-patch_level20 (including) |
| Business_client | Sap | 6.5-patch_level21 (including) | 6.5-patch_level21 (including) |
| Business_client | Sap | 6.5-patch_level22 (including) | 6.5-patch_level22 (including) |
| Business_client | Sap | 6.5-patch_level3 (including) | 6.5-patch_level3 (including) |
| Business_client | Sap | 6.5-patch_level4 (including) | 6.5-patch_level4 (including) |
| Business_client | Sap | 6.5-patch_level5 (including) | 6.5-patch_level5 (including) |
| Business_client | Sap | 6.5-patch_level6 (including) | 6.5-patch_level6 (including) |
| Business_client | Sap | 6.5-patch_level7 (including) | 6.5-patch_level7 (including) |
| Business_client | Sap | 6.5-patch_level8 (including) | 6.5-patch_level8 (including) |
| Business_client | Sap | 6.5-patch_level9 (including) | 6.5-patch_level9 (including) |
| Business_client | Sap | 7.0 (including) | 7.0 (including) |
| Business_client | Sap | 7.0-patch_level1 (including) | 7.0-patch_level1 (including) |
| Business_client | Sap | 7.0-patch_level10 (including) | 7.0-patch_level10 (including) |
| Business_client | Sap | 7.0-patch_level11 (including) | 7.0-patch_level11 (including) |
| Business_client | Sap | 7.0-patch_level12 (including) | 7.0-patch_level12 (including) |
| Business_client | Sap | 7.0-patch_level13 (including) | 7.0-patch_level13 (including) |
| Business_client | Sap | 7.0-patch_level14 (including) | 7.0-patch_level14 (including) |
| Business_client | Sap | 7.0-patch_level15 (including) | 7.0-patch_level15 (including) |
| Business_client | Sap | 7.0-patch_level16 (including) | 7.0-patch_level16 (including) |
| Business_client | Sap | 7.0-patch_level17 (including) | 7.0-patch_level17 (including) |
| Business_client | Sap | 7.0-patch_level18 (including) | 7.0-patch_level18 (including) |
| Business_client | Sap | 7.0-patch_level19 (including) | 7.0-patch_level19 (including) |
| Business_client | Sap | 7.0-patch_level2 (including) | 7.0-patch_level2 (including) |
| Business_client | Sap | 7.0-patch_level20 (including) | 7.0-patch_level20 (including) |
| Business_client | Sap | 7.0-patch_level3 (including) | 7.0-patch_level3 (including) |
| Business_client | Sap | 7.0-patch_level4 (including) | 7.0-patch_level4 (including) |
| Business_client | Sap | 7.0-patch_level5 (including) | 7.0-patch_level5 (including) |
| Business_client | Sap | 7.0-patch_level6 (including) | 7.0-patch_level6 (including) |
| Business_client | Sap | 7.0-patch_level7 (including) | 7.0-patch_level7 (including) |
| Business_client | Sap | 7.0-patch_level8 (including) | 7.0-patch_level8 (including) |
| Business_client | Sap | 7.0-patch_level9 (including) | 7.0-patch_level9 (including) |
| Business_client | Sap | 7.70 (including) | 7.70 (including) |
| Business_client | Sap | 7.70-patch_level1 (including) | 7.70-patch_level1 (including) |
| Business_client | Sap | 7.70-patch_level2 (including) | 7.70-patch_level2 (including) |
| Business_client | Sap | 7.70-patch_level3 (including) | 7.70-patch_level3 (including) |
| Business_client | Sap | 7.70-patch_level4 (including) | 7.70-patch_level4 (including) |
| Business_client | Sap | 7.70-patch_level5 (including) | 7.70-patch_level5 (including) |