SAP GUI on Microsoft Windows or Internet Explorer can also be used for single sign-on.
By default, however, SAP uses unencrypted communication, which allows potential company-internal attackers to get access to usernames and passwords by listening on the network.
A vulnerability in the SAP GUI client for Windows allows remote code execution. [8]
The researchers who identified the security issues also pointed out that the vulnerability allows an attacker to download ransomware onto the SAP server that would be automatically installed on every workstation within a company. [9]
Since 1998, SAP GUI screens (so-called "DynPros") can be adjusted and customized with GuiXT.