CVE-2022-35292

CWE-4283 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 74.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business ONESAP Business ONE
Timeline
PublishedSep 13
Latest updateSep 14

Description

In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5sap_se/sap_business_one10.0

🔴Vulnerability Details

2
GHSA
GHSA-6fgv-p835-w43w: In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerab2022-09-14
CVEList
CVE-2022-35292: In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerab2022-09-13
CVE-2022-35292 (HIGH CVSS 7.8) | In SAP Business One application whe | cvebase.io