CVE-2022-35295

In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*

History

01 Mar 2023, 16:34

Type Values Removed Values Added
CPE cpe:2.3:a:sap:businessobjects_business_intelligence_platform:420:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*
cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*
References (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/12 - (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/12 - Exploit, Mailing List, Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/170233/SAP-Host-Agent-Privilege-Escalation.html - (MISC) http://packetstormsecurity.com/files/170233/SAP-Host-Agent-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry

14 Dec 2022, 18:15

Type Values Removed Values Added
Summary Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) - versions 420, 430, exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.
CWE CWE-200 CWE-755
References
  • {'url': 'https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3', 'name': 'https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3', 'tags': ['Not Applicable', 'Third Party Advisory'], 'refsource': 'MISC'}
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/12 -
  • (MISC) http://packetstormsecurity.com/files/170233/SAP-Host-Agent-Privilege-Escalation.html -
  • (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory

15 Sep 2022, 18:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.9
References (MISC) https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3 - (MISC) https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3 - Not Applicable, Third Party Advisory
References (MISC) https://launchpad.support.sap.com/#/notes/3159736 - (MISC) https://launchpad.support.sap.com/#/notes/3159736 - Permissions Required, Vendor Advisory
CPE cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:420:*:*:*:*:*:*:*

13 Sep 2022, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-13 16:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-35295

Mitre link : CVE-2022-35295

CVE.ORG link : CVE-2022-35295


JSON object : View

Products Affected

sap

  • host_agent
CWE
CWE-755

Improper Handling of Exceptional Conditions