SAP GUI for Java User Input Data Disclosure Vulnerability

A vulnerability exists in SAP GUI for Java that allows for the unauthorized reading of user input data saved on the client PC. This issue can be exploited by an attacker with administrative privileges or access to the victim's user directory at the Operating System level. The disclosed data, which could range from non-critical to highly sensitive depending on the user input in transactions, poses a significant risk to the application's confidentiality.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user input data, causing a high impact on the application's confidentiality.

Remediation

Users are advised to review and implement the latest SAP Security Notes. Instructions for accessing SAP Security Notes can be found on the SAP for Me platform.