CVE-2022-29614
First published: Tue Jun 14 2022(Updated: )
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Host Agent | =7.22 | |
| SAP NetWeaver ABAP | =kernel_7.22 | |
| SAP NetWeaver ABAP | =kernel_7.49 | |
| SAP NetWeaver ABAP | =kernel_7.53 | |
| SAP NetWeaver ABAP | =kernel_7.77 | |
| SAP NetWeaver ABAP | =kernel_7.81 | |
| SAP NetWeaver ABAP | =kernel_7.85 | |
| SAP NetWeaver ABAP | =kernel_7.86 | |
| SAP NetWeaver ABAP | =kernel_7.87 | |
| SAP NetWeaver ABAP | =kernel_7.88 | |
| SAP NetWeaver ABAP | =krnl64nuc_7.22 | |
| SAP NetWeaver ABAP | =krnl64nuc_7.22ext | |
| SAP NetWeaver ABAP | =krnl64uc_7.22 | |
| SAP NetWeaver ABAP | =krnl64uc_7.22ext | |
| SAP NetWeaver ABAP | =krnl64uc_7.49 | |
| SAP NetWeaver ABAP | =krnl64uc_7.53 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is vulnerability CVE-2022-29614?
Vulnerability CVE-2022-29614 is a local privilege escalation vulnerability in SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform, and HANA Database.
Which SAP products are affected by vulnerability CVE-2022-29614?
SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform, and HANA Database versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, and SAPHOSTAGENT 7.22 on Unix systems are affected.
What is the severity of vulnerability CVE-2022-29614?
Vulnerability CVE-2022-29614 has a medium severity rating.
How can I fix vulnerability CVE-2022-29614?
To fix vulnerability CVE-2022-29614, apply the necessary security patches provided by SAP.
Where can I find more information about vulnerability CVE-2022-29614?
You can find more information about vulnerability CVE-2022-29614 in the references section of the vulnerability report.
- collector/nvd-index
- agent/references
- agent/author
- agent/weakness
- agent/severity
- vendor/sap
- canonical/sap host agent
- version/sap host agent/7.22
- canonical/sap netweaver abap
- version/sap netweaver abap/kernel_7.22
- version/sap netweaver abap/kernel_7.49
- version/sap netweaver abap/kernel_7.53
- version/sap netweaver abap/kernel_7.77
- version/sap netweaver abap/kernel_7.81
- version/sap netweaver abap/kernel_7.85
- version/sap netweaver abap/kernel_7.86
- version/sap netweaver abap/kernel_7.87
- version/sap netweaver abap/kernel_7.88
- version/sap netweaver abap/krnl64nuc_7.22
- version/sap netweaver abap/krnl64nuc_7.22ext
- version/sap netweaver abap/krnl64uc_7.22
- version/sap netweaver abap/krnl64uc_7.22ext
- version/sap netweaver abap/krnl64uc_7.49
- version/sap netweaver abap/krnl64uc_7.53