CVE-2021-27608

Published: Apr 14, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 6.0

Source: NVD

Description

An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.

Affected (1)

Products: Sap: Setup

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Setup	Version 9.0

Related CWEs

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (4)

https://launchpad.support.sap.com/#/notes/3039649

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3039649

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.