CVE-2022-29614

Summary

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA DatabaseKERNEL 7.22affected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database7.49affected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database7.53affected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database7.77affected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database7.81affected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database7.85affected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database7.86affected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database7.87affected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database7.88affected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA DatabaseKRNL64NUC 7.22affected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database7.22EXTaffected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA DatabaseKRNL64UC 7.22affected
SAP SESAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA DatabaseSAPHOSTAGENT 7.22affected

Weaknesses

  • CWE-269: CWE-269

ADP Enrichment

CVE Program Container

Additional References

References