Local Privilege Escalation in SAP NetWeaver Application Server and HANA Database
CVE-2022-29614

5 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 14 June 2022

Summary

A vulnerability exists within the sapuxuserchk utility of SAP NetWeaver Application Server ABAP and HANA Database that could be exploited by an attacker with physical access to the Unix systems running these products. This flaw allows for local privilege escalation, potentially compromising the availability of affected applications. Mitigating this risk is crucial to maintain the integrity and confidentiality of the system.

Affected Version(s)

SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database KERNEL 7.22

SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database 7.49

SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database 7.53

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
