CVE-2022-29614 vulnerability in SAP Products
Published on June 14, 2022
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2022-29614
stack.watch emails you whenever new vulnerabilities are published in SAP Netweaver Abap or SAP Host Agent. Just hit a watch button to start following.
Affected Versions
SAP SE SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database:- Version KERNEL 7.22 is affected.
- Version 7.49 is affected.
- Version 7.53 is affected.
- Version 7.77 is affected.
- Version 7.81 is affected.
- Version 7.85 is affected.
- Version 7.86 is affected.
- Version 7.87 is affected.
- Version 7.88 is affected.
- Version KRNL64NUC 7.22 is affected.
- Version 7.22EXT is affected.
- Version KRNL64UC 7.22 is affected.
- Version SAPHOSTAGENT 7.22 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.