Unquoted Service Path Vulnerability in SAP Business One Application
CVE-2022-35292

7.8HIGH

Key Information:

Vendor: SAP
Status: SAP Business One
Vendor: CVE Published:; 13 September 2022

What is CVE-2022-35292?

The vulnerability occurs in the SAP Business One application when creating a service. If the executable path includes spaces and is not enclosed in quotes, it results in an unquoted service path vulnerability. This can be exploited by adversaries to execute malicious payloads, granting them SYSTEM privileges. Consequently, this elevated access can severely impact the confidentiality, integrity, and availability of the system and its data.

Affected Version(s)

SAP Business One 10.0

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3223392

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2022
Vulnerability Reserved
Jul 7, 2022