CVE-2022-29614

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*

History

27 Oct 2022, 19:07

Type Values Removed Values Added
References (FULLDISC) http://seclists.org/fulldisclosure/2022/Sep/18 - (FULLDISC) http://seclists.org/fulldisclosure/2022/Sep/18 - Exploit, Mailing List, Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html - (MISC) http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html - Exploit, Third Party Advisory

16 Sep 2022, 16:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html -

16 Sep 2022, 07:15

Type Values Removed Values Added
CWE NVD-CWE-noinfo CWE-269
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/Sep/18 -

24 Jun 2022, 16:38

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.6
v3 : 5.0
CWE CWE-269 NVD-CWE-noinfo
References (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
References (MISC) https://launchpad.support.sap.com/#/notes/3158619 - (MISC) https://launchpad.support.sap.com/#/notes/3158619 - Permissions Required, Vendor Advisory
CPE cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:*
cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*
First Time Sap
Sap netweaver Abap
Sap host Agent

14 Jun 2022, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-14 19:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-29614

Mitre link : CVE-2022-29614

CVE.ORG link : CVE-2022-29614


JSON object : View

Products Affected

sap

  • host_agent
  • netweaver_abap
CWE
CWE-269

Improper Privilege Management

NVD-CWE-noinfo