An attacker can trick a victim user to execute an SAP GUI shortcut (SAP GUI for Windows), a Java start transaction (SAP GUI for Java) or to click the link (SAP GUI for HTML) and execute a state-changing action in the system with the credentials of the victim.
Available fix and Supported packages
Dynpro and CUA engine
Exploit is not available.
For detailed information please contact the mail [email protected]