cve / Sap / CVE-2023-29187
History: Apr 11, 2023 - 4:16 a.m.

CVE-2023-29187

2023-04-11 04:16:08
CWE-427
sap
web.nvd.nist.gov
windows
dll hijacking
sapsetup 9.0
privilege escalation
security vulnerability

CVSS3: 6.7

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 9.0%

A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attacker's control.

Affected configurations

Nvd
Node: sap sapsetup, Match 9.0

Vendor | Product | Version | CPE
sap | sapsetup | 9.0 | cpe:2.3:a:sap:sapsetup:9.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SapSetup (Software Installation Program)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "9.0"
      }
    ]
  }
]
