SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-427

https://me.sap.com/notes/3504847

https://url.sap/sapsecuritypatchday