CVE-2022-29614
Vulnerability from cvelistv5
Published
2022-06-14 18:27
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | SAP SE | SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database |
Version: KERNEL 7.22 Version: 7.49 Version: 7.53 Version: 7.77 Version: 7.81 Version: 7.85 Version: 7.86 Version: 7.87 Version: 7.88 Version: KRNL64NUC 7.22 Version: 7.22EXT Version: KRNL64UC 7.22 Version: SAPHOSTAGENT 7.22 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:26:06.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3158619" }, { "name": "20220915 SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP SAPControl Web Service Interface (sapuxuserchk)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Sep/18" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "KERNEL 7.22" }, { "status": "affected", "version": "7.49" }, { "status": "affected", "version": "7.53" }, { "status": "affected", "version": "7.77" }, { "status": "affected", "version": "7.81" }, { "status": "affected", "version": "7.85" }, { "status": "affected", "version": "7.86" }, { "status": "affected", "version": "7.87" }, { "status": "affected", "version": "7.88" }, { "status": "affected", "version": "KRNL64NUC 7.22" }, { "status": "affected", "version": "7.22EXT" }, { "status": "affected", "version": "KRNL64UC 7.22" }, { "status": "affected", "version": "SAPHOSTAGENT 7.22" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-16T15:06:19", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3158619" }, { "name": "20220915 SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP SAPControl Web Service Interface (sapuxuserchk)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Sep/18" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-29614", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database", "version": { "version_data": [ { "version_affected": "=", "version_value": "KERNEL 7.22" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.53" }, { "version_affected": "=", "version_value": "7.77" }, { "version_affected": "=", "version_value": "7.81" }, { "version_affected": "=", "version_value": "7.85" }, { "version_affected": "=", "version_value": "7.86" }, { "version_affected": "=", "version_value": "7.87" }, { "version_affected": "=", "version_value": "7.88" }, { "version_affected": "=", "version_value": "KRNL64NUC 7.22" }, { "version_affected": "=", "version_value": "7.22EXT" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "KRNL64UC 7.22" }, { "version_affected": "=", "version_value": "7.22EXT" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.53" }, { "version_affected": "=", "version_value": "SAPHOSTAGENT 7.22" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-269" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" }, { "name": "https://launchpad.support.sap.com/#/notes/3158619", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3158619" }, { "name": "20220915 SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP SAPControl Web Service Interface (sapuxuserchk)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Sep/18" }, { "name": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-29614", "datePublished": "2022-06-14T18:27:16", "dateReserved": "2022-04-25T00:00:00", "dateUpdated": "2024-08-03T06:26:06.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "fkie_nvd": { "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E135017-1492-49F5-B3ED-F69D5476FB46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"816DBDA9-E4F1-476B-95B3-19758627E3A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B7DDF4E-F304-45E2-956B-7E6AA9EC03EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E640D6CD-A1BA-46C5-B652-0A65F6FF17E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F567192-ED9A-47B9-A386-0A83AB64948E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AECEB43E-5E9C-4638-B7D8-29968AE1F4BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86C349D7-8F6C-42F4-9B8B-A7E0008FB3A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6606C14A-C9E6-4D4A-8E64-0699CBB15B93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F8C12AA-5635-4E29-A443-2A43A6BB0439\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD5FA276-9557-4E36-A37F-4B2A09703DA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE1BE43A-6659-4C08-8194-F85FA47D7D81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4673CFDB-C17D-437B-8FE8-F0EA5BA97831\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E415C122-70DF-478E-8493-4CF9E9AD934C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA5A9939-C663-4B52-97DB-64D80B40FB5F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA9452E7-8B06-4B3B-870A-2A92103CD9CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.\"}, {\"lang\": \"es\", \"value\": \"SAP startservice - de SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform y HANA Database - versiones KERNEL versiones 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49 49, 7.53, SAPHOSTAGENT 7.22, - en los sistemas Unix, el programa de ayuda s-bit sapuxuserchk, puede ser abusado f\\u00edsicamente resultando en una escalada de privilegios de un atacante que conlleva a un bajo impacto en la confidencialidad e integridad, pero un profundo impacto en la disponibilidad\"}]", "id": "CVE-2022-29614", "lastModified": "2024-11-21T06:59:26.110", "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H\", \"baseScore\": 5.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.3, \"impactScore\": 4.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", "published": "2022-06-14T19:15:07.427", "references": "[{\"url\": \"http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html\", \"source\": \"cna@sap.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Sep/18\", \"source\": \"cna@sap.com\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/3158619\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Sep/18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/3158619\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"cna@sap.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]" }, "nvd": "{\"cve\":{\"id\":\"CVE-2022-29614\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2022-06-14T19:15:07.427\",\"lastModified\":\"2024-11-21T06:59:26.110\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.\"},{\"lang\":\"es\",\"value\":\"SAP startservice - de SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform y HANA Database - versiones KERNEL versiones 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49 49, 7.53, SAPHOSTAGENT 7.22, - en los sistemas Unix, el programa de ayuda s-bit sapuxuserchk, puede ser abusado f\u00edsicamente resultando en una escalada de privilegios de un atacante que conlleva a un bajo impacto en la confidencialidad e integridad, pero un profundo impacto en la disponibilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.3,\"impactScore\":4.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E135017-1492-49F5-B3ED-F69D5476FB46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"816DBDA9-E4F1-476B-95B3-19758627E3A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B7DDF4E-F304-45E2-956B-7E6AA9EC03EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E640D6CD-A1BA-46C5-B652-0A65F6FF17E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F567192-ED9A-47B9-A386-0A83AB64948E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AECEB43E-5E9C-4638-B7D8-29968AE1F4BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86C349D7-8F6C-42F4-9B8B-A7E0008FB3A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6606C14A-C9E6-4D4A-8E64-0699CBB15B93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F8C12AA-5635-4E29-A443-2A43A6BB0439\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD5FA276-9557-4E36-A37F-4B2A09703DA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE1BE43A-6659-4C08-8194-F85FA47D7D81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4673CFDB-C17D-437B-8FE8-F0EA5BA97831\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E415C122-70DF-478E-8493-4CF9E9AD934C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA5A9939-C663-4B52-97DB-64D80B40FB5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA9452E7-8B06-4B3B-870A-2A92103CD9CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Sep/18\",\"source\":\"cna@sap.com\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3158619\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Sep/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3158619\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.