An attacker who manages to get access to a users configuration file for SAP Download Manager might be able to obtain the stored proxy password. The flaw affects the SAP Download. Manager version up to 2.1.142 (released in October 2015), but experts at Core Security havent tested other products and versions. SAP has already fixed the problem and issued a new updated software this week. The vulnerability was discovered by Core Security Consulting Services Martin Gallo who discovered the flaw.”]
Source: https://securityaffairs.co/wordpress/45232/breaking-news/sap-download-manager-flaw.html