SAP GUI for Windows User Input Data Disclosure Vulnerability

A vulnerability exists in SAP GUI for Windows that allows for the unauthorized reading of user input data stored on the client PC. This issue arises under specific conditions, where an attacker with administrative privileges or access to the victim's user directory at the Operating System level could access the data. The impact of this vulnerability varies depending on the nature of the user input, potentially leading to the disclosure of either non-critical or highly sensitive information, thereby significantly compromising the application's confidentiality.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of user input data, which may range from non-critical to highly sensitive, depending on the context of the transactions involved.

Remediation

Users are advised to review and implement the SAP Security Notes available in SAP for Me, particularly those related to this vulnerability. Instructions for accessing SAP Security Notes can be found in the SAP Security Notes FAQs.