CVE-2020-6244

HIGH Year: 2020
CVSS v3 Score
7.0
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-427
View all →

Vulnerability Description

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.

Related Vulnerabilities

CVE-2017-5176

HIGH
CVSS:7.0(High)

A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and ear...

CWE-4272017

CVE-2017-6051

HIGH
CVSS:7.0(High)

An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may al...

CWE-4272017

CVE-2017-9661

HIGH
CVSS:7.0(High)

An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow...

CWE-4272017

CVE-2018-5457

HIGH
CVSS:7.0(High)

A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vul...

CWE-4272018

CVE-2019-14688

HIGH
CVSS:7.0(High)

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a n...

CWE-4272019

CVE-2019-19235

HIGH
CVSS:7.0(High)

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular pat...

CWE-4272019