Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2022-29614

Published: 14/06/2022 Updated: 27/10/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 5 | Impact Score: 4.7 | Exploitability Score: 0.3
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Sap

Vulnerability Summary

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap netweaver abap krnl64nuc_7.22

sap netweaver abap krnl64nuc_7.22ext

sap netweaver abap kernel_7.22

sap netweaver abap kernel_7.49

sap netweaver abap krnl64uc_7.22

sap netweaver abap krnl64uc_7.22ext

sap netweaver abap krnl64uc_7.49

sap netweaver abap krnl64uc_7.53

sap netweaver abap kernel_7.53

sap host agent 7.22

sap netweaver abap kernel_7.77

sap netweaver abap kernel_7.81

sap netweaver abap kernel_7.85

sap netweaver abap kernel_7.86

sap netweaver abap kernel_7.87

sap netweaver abap kernel_7.88

Exploits

Exploit DB: SAP SAPControl Web Service Interface Local Privilege Escalation
SAPControl Web Service Interface (sapstartsrv) suffers from a privilege escalation vulnerability via a race condition ...

References

CWE-269https://launchpad.support.sap.com/#/notes/3158619https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlhttp://seclists.org/fulldisclosure/2022/Sep/18http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook