CVE-2022-29614

5MEDIUM

Key Information:

Vendor
SAP
Status
SAP Netweaver As Abap, As Java, Abap Platform And Hana Database
Vendor
CVE Published:
14 June 2022

Summary

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.

Affected Version(s)

SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database KERNEL 7.22

SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database 7.49

SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database 7.53

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3158619
x_refsource_MISC
http://seclists.org/fulldisclosure/2022/Sep/18
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.