CVE-2022-29614
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
14/06/2022
Last modified:
27/10/2022
Description
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
Impact
Base Score 3.x
5.00
Severity 3.x
MEDIUM
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page