CVE-2022-35292
First published: Tue Sep 13 2022(Updated: )
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Business One on HANA | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2022-35292.
What is the severity rating of CVE-2022-35292?
The severity rating of CVE-2022-35292 is 7.8 (High).
What is the affected software for CVE-2022-35292?
The affected software for CVE-2022-35292 is SAP Business One version 10.0.
What is the vulnerability description for CVE-2022-35292?
The vulnerability in SAP Business One allows a user to gain SYSTEM privileges by exploiting an unquoted service path.
How can this vulnerability be fixed?
To fix this vulnerability, SAP Business One should ensure that the executable path for services is enclosed within quotes to prevent unquoted service paths.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/description
- agent/weakness
- agent/severity
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap business one on hana
- version/sap business one on hana/10.0