Privilege Escalation Vulnerability in SAP Products
CVE-2022-31594

6.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP Adaptive Server Enterprise (ase)
Vendor: CVE Published:; 14 June 2022

Summary

This vulnerability allows a highly privileged user to exploit a SUID-root program, enabling them to escalate privileges to the root level on a local Unix system. The flaw poses significant risks, as attackers could gain unauthorized access to sensitive data and system control. It's essential for organizations to apply relevant security updates to safeguard their systems against such exploits.

Affected Version(s)

SAP Adaptive Server Enterprise (ASE) KERNEL 7.22

SAP Adaptive Server Enterprise (ASE) 7.49

SAP Adaptive Server Enterprise (ASE) 7.53

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3155571

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
May 24, 2022