SAP GUI for Windows Privilege Escalation Vulnerability via Insecure Credential Storage

Vulnerability

A vulnerability exists in SAP GUI for Windows, where RFC service credentials are improperly stored in the program's memory. This flaw allows an unauthenticated attacker to access sensitive information within systems, potentially leading to privilege escalation. The issue does not affect the integrity or availability of the system.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of highly sensitive information, with the potential for privilege escalation.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. SAP Security Notes are released on SAP Security Patch Day, which occurs on the second Tuesday of each month. For more information, consult the SAP Security Notes FAQ or visit the SAP Security Community.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 4.7
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.