Lucene search

[email protected]NVD:CVE-2021-27608

HistoryApr 14, 2021 - 3:15 p.m.

CVE-2021-27608

2021-04-1415:15:13

CWE-428

[email protected]

web.nvd.nist.gov

sapsetup

privilege escalation

installation

compromise

confidentiality

integrity

availability

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.

Affected configurations

Nvd

Node

sapsetupMatch9.0

VendorProductVersionCPE
sapsetup9.0cpe:2.3:a:sap:setup:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	setup	9.0	cpe:2.3:a:sap:setup:9.0:::::::*

References

launchpad.support.sap.com/#/notes/3039649

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2021-27608

cve1 cvelist1 prion1 openvas1