Privilege Escalation in SAP Host Agent by SAP
CVE-2022-35295

4.9MEDIUM

Key Information:

Vendor: SAP
Status: SAP Host Agent (SAPoscol)
Vendor: CVE Published:; 13 September 2022

What is CVE-2022-35295?

In SAP Host Agent (SAPOSCOL) version 7.22, a vulnerability exists that allows attackers to exploit files created by saposcol to escalate their privileges. This insufficient file handling opens avenues for unauthorized actions within the system, potentially compromising its security and integrity. It highlights the critical need for maintaining robust file management practices and monitoring to mitigate any risks associated with improper permissions.

Affected Version(s)

SAP Host Agent (SAPOSCOL) 7.22

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3159736

http://seclists.org/fulldisclosure/2022/Dec/12

mailing-list

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2022
Vulnerability Reserved
Jul 7, 2022