Lucene search

[email protected]NVD:CVE-2022-35292

HistorySep 13, 2022 - 4:15 p.m.

CVE-2022-35292

2022-09-1316:15:08

CWE-428

[email protected]

web.nvd.nist.gov

sap business one

unquoted service path

privileged permissions

confidentiality

integrity

availability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.7%

JSON

In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.

Affected configurations

Nvd

Node

sapbusiness_oneMatch10.0

VendorProductVersionCPE
sapbusiness_one10.0cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	business_one	10.0	cpe:2.3:a:sap:business_one:10.0:::::::*

References

launchpad.support.sap.com/#/notes/3223392

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.7%

JSON

Related for NVD:CVE-2022-35292

cvelist1 prion1 cve1 openvas1