Published on: Not Yet Published
Last Modified on: 10/01/2022 02:15:00 AM UTC
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.
- CVE-2022-35292 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: SAP SE - SAP Business One version = 10.0
CVSS3 Score: 7.8 - HIGH
|No Description Provided|| launchpad.support.sap.com |
|Improper error handling in CLA assistant can cause crash · Advisory · cla-assistant/cla-assistant · GitHub|| github.com |
|SAP Patch Day Blog|| web.archive.org |
Inactive LinkNot Archived
Known Affected Configurations (CPE V2.3)