Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2021-38150

Cleartext Storage of Sensitive Information

Published: Sep 14, 2021 | Modified: May 27, 2025
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2021-38150
CWEhttps://cwe.mitre.org/data/definitions/312.html

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.

Weakness

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Affected Software

NameVendorStart VersionEnd Version
Business_clientSap6.0 (including)6.0 (including)
Business_clientSap6.0-patch_level1 (including)6.0-patch_level1 (including)
Business_clientSap6.0-patch_level10 (including)6.0-patch_level10 (including)
Business_clientSap6.0-patch_level11 (including)6.0-patch_level11 (including)
Business_clientSap6.0-patch_level12 (including)6.0-patch_level12 (including)
Business_clientSap6.0-patch_level13 (including)6.0-patch_level13 (including)
Business_clientSap6.0-patch_level14 (including)6.0-patch_level14 (including)
Business_clientSap6.0-patch_level15 (including)6.0-patch_level15 (including)
Business_clientSap6.0-patch_level16 (including)6.0-patch_level16 (including)
Business_clientSap6.0-patch_level17 (including)6.0-patch_level17 (including)
Business_clientSap6.0-patch_level2 (including)6.0-patch_level2 (including)
Business_clientSap6.0-patch_level3 (including)6.0-patch_level3 (including)
Business_clientSap6.0-patch_level4 (including)6.0-patch_level4 (including)
Business_clientSap6.0-patch_level5 (including)6.0-patch_level5 (including)
Business_clientSap6.0-patch_level6 (including)6.0-patch_level6 (including)
Business_clientSap6.0-patch_level7 (including)6.0-patch_level7 (including)
Business_clientSap6.0-patch_level8 (including)6.0-patch_level8 (including)
Business_clientSap6.0-patch_level9 (including)6.0-patch_level9 (including)
Business_clientSap6.5 (including)6.5 (including)
Business_clientSap6.5-patch_level1 (including)6.5-patch_level1 (including)
Business_clientSap6.5-patch_level10 (including)6.5-patch_level10 (including)
Business_clientSap6.5-patch_level11 (including)6.5-patch_level11 (including)
Business_clientSap6.5-patch_level12 (including)6.5-patch_level12 (including)
Business_clientSap6.5-patch_level13 (including)6.5-patch_level13 (including)
Business_clientSap6.5-patch_level14 (including)6.5-patch_level14 (including)
Business_clientSap6.5-patch_level15 (including)6.5-patch_level15 (including)
Business_clientSap6.5-patch_level16 (including)6.5-patch_level16 (including)
Business_clientSap6.5-patch_level17 (including)6.5-patch_level17 (including)
Business_clientSap6.5-patch_level18 (including)6.5-patch_level18 (including)
Business_clientSap6.5-patch_level19 (including)6.5-patch_level19 (including)
Business_clientSap6.5-patch_level2 (including)6.5-patch_level2 (including)
Business_clientSap6.5-patch_level20 (including)6.5-patch_level20 (including)
Business_clientSap6.5-patch_level21 (including)6.5-patch_level21 (including)
Business_clientSap6.5-patch_level22 (including)6.5-patch_level22 (including)
Business_clientSap6.5-patch_level3 (including)6.5-patch_level3 (including)
Business_clientSap6.5-patch_level4 (including)6.5-patch_level4 (including)
Business_clientSap6.5-patch_level5 (including)6.5-patch_level5 (including)
Business_clientSap6.5-patch_level6 (including)6.5-patch_level6 (including)
Business_clientSap6.5-patch_level7 (including)6.5-patch_level7 (including)
Business_clientSap6.5-patch_level8 (including)6.5-patch_level8 (including)
Business_clientSap6.5-patch_level9 (including)6.5-patch_level9 (including)
Business_clientSap7.0 (including)7.0 (including)
Business_clientSap7.0-patch_level1 (including)7.0-patch_level1 (including)
Business_clientSap7.0-patch_level10 (including)7.0-patch_level10 (including)
Business_clientSap7.0-patch_level11 (including)7.0-patch_level11 (including)
Business_clientSap7.0-patch_level12 (including)7.0-patch_level12 (including)
Business_clientSap7.0-patch_level13 (including)7.0-patch_level13 (including)
Business_clientSap7.0-patch_level14 (including)7.0-patch_level14 (including)
Business_clientSap7.0-patch_level15 (including)7.0-patch_level15 (including)
Business_clientSap7.0-patch_level16 (including)7.0-patch_level16 (including)
Business_clientSap7.0-patch_level17 (including)7.0-patch_level17 (including)
Business_clientSap7.0-patch_level18 (including)7.0-patch_level18 (including)
Business_clientSap7.0-patch_level19 (including)7.0-patch_level19 (including)
Business_clientSap7.0-patch_level2 (including)7.0-patch_level2 (including)
Business_clientSap7.0-patch_level20 (including)7.0-patch_level20 (including)
Business_clientSap7.0-patch_level3 (including)7.0-patch_level3 (including)
Business_clientSap7.0-patch_level4 (including)7.0-patch_level4 (including)
Business_clientSap7.0-patch_level5 (including)7.0-patch_level5 (including)
Business_clientSap7.0-patch_level6 (including)7.0-patch_level6 (including)
Business_clientSap7.0-patch_level7 (including)7.0-patch_level7 (including)
Business_clientSap7.0-patch_level8 (including)7.0-patch_level8 (including)
Business_clientSap7.0-patch_level9 (including)7.0-patch_level9 (including)
Business_clientSap7.70 (including)7.70 (including)
Business_clientSap7.70-patch_level1 (including)7.70-patch_level1 (including)
Business_clientSap7.70-patch_level2 (including)7.70-patch_level2 (including)
Business_clientSap7.70-patch_level3 (including)7.70-patch_level3 (including)
Business_clientSap7.70-patch_level4 (including)7.70-patch_level4 (including)
Business_clientSap7.70-patch_level5 (including)7.70-patch_level5 (including)

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use