CVE-2022-29614

Published Jun 14, 2022

Last updated 2 years ago

CVSS medium 5.0

Overview

Description: SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5
Impact score: 4.7
Exploitability score: 0.3
Vector string: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

cna@sap.com: CWE-269
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E135017-1492-49F5-B3ED-F69D5476FB46"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "816DBDA9-E4F1-476B-95B3-19758627E3A7"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B7DDF4E-F304-45E2-956B-7E6AA9EC03EA"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E640D6CD-A1BA-46C5-B652-0A65F6FF17E4"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F567192-ED9A-47B9-A386-0A83AB64948E"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AECEB43E-5E9C-4638-B7D8-29968AE1F4BB"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86C349D7-8F6C-42F4-9B8B-A7E0008FB3A5"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6606C14A-C9E6-4D4A-8E64-0699CBB15B93"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F8C12AA-5635-4E29-A443-2A43A6BB0439"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD5FA276-9557-4E36-A37F-4B2A09703DA3"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4673CFDB-C17D-437B-8FE8-F0EA5BA97831"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E415C122-70DF-478E-8493-4CF9E9AD934C"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA5A9939-C663-4B52-97DB-64D80B40FB5F"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA9452E7-8B06-4B3B-870A-2A92103CD9CC"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References