Local Privilege Escalation in SAP PowerDesigner Proxy by SAP
CVE-2022-31590

7.8HIGH

Key Information:

Vendor: SAP
Status: SAP Powerdesigner Proxy 16.7
Vendor: CVE Published:; 14 June 2022

What is CVE-2022-31590?

SAP PowerDesigner Proxy version 16.7 is susceptible to a local privilege escalation vulnerability that allows an attacker with low privileges and local access to bypass system's root disk access restrictions. By writing or creating a program file in the system disk root path, the attacker could execute this file with elevated application privileges at startup or upon rebooting the system. This could lead to severe compromises in the confidentiality, integrity, and availability of the affected system.

Affected Version(s)

SAP PowerDesigner Proxy 16.7 16.7

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3197005

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
May 24, 2022