CVE-2022-22528
First published: Wed Feb 09 2022(Updated: )
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Adaptive Server Enterprise | =16.0 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/author
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap adaptive server enterprise
- version/sap adaptive server enterprise/16.0
- vendor/microsoft
- canonical/microsoft windows