CVE-2022-31590 is a vulnerability in SAP Powerdesigner Proxy
Published on June 14, 2022
SAP PowerDesigner Proxy version 16.7 allows an attacker with low privileges and local access, who is able to work around the system's root disk access restrictions, to write or create a program file on the system disk root path. That file could then be executed with the elevated privileges of the application during application startup or reboot, potentially compromising the confidentiality, integrity and availability of the system.
Weakness Type
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting a file such as "C:\Program.exe", which is then run by a privileged program that makes use of WinExec.
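An audit check for this weakness, added here as an example and not taken from the advisory or from SAP: it models how Windows resolves an unquoted launch command containing spaces, lists the paths that would be tried before the intended executable, and shows the quoted form that removes them. The function names and the sample commands are constructed for illustration, and the target is assumed to end in `.exe`.

```python
import ntpath
import re

# Assumption: the launch target ends in .exe; other extensions are not handled.
_EXE = re.compile(r'^(.*?\.exe)(?=\s|$)', re.IGNORECASE)

def split_target(command):
    """Split an unquoted launch command into (exe_path, rest); None if quoted or unrecognised."""
    command = command.strip()
    if command.startswith('"'):
        return None
    m = _EXE.match(command)
    return (m.group(1), command[m.end():]) if m else None

def shadow_candidates(command):
    """Paths Windows would try before the intended executable, in order."""
    parts = split_target(command)
    if parts is None:
        return []
    exe_path, found = parts[0], []
    for i, ch in enumerate(exe_path):
        if ch != ' ':
            continue
        prefix = exe_path[:i].rstrip()
        # A token without an extension gets ".exe" appended during resolution.
        cand = prefix if ntpath.splitext(prefix)[1] else prefix + '.exe'
        if cand not in found:
            found.append(cand)
    return found

def in_drive_root(path):
    """True for a file directly under the drive root, the location this CVE describes."""
    return ntpath.splitdrive(path)[1].count('\\') == 1

def quote_fix(command):
    """Corrected form: the executable path wrapped in double quotes."""
    parts = split_target(command)
    return command if parts is None else f'"{parts[0]}"{parts[1]}'

# Constructed sample launch commands (not values from the affected product).
SAMPLES = {
    'unquoted': r'C:\Program Files\Vendor\Proxy Service\proxy.exe -k run',
    'quoted': r'"C:\Program Files\Vendor\Proxy Service\proxy.exe" -k run',
    'no_spaces': r'C:\Tools\agent.exe --log "C:\My Logs"',
}

if __name__ == '__main__':
    for name, cmd in SAMPLES.items():
        for cand in shadow_candidates(cmd):
            print(name, cand, 'DRIVE ROOT' if in_drive_root(cand) else '', '->', quote_fix(cmd))
```

On a real host the commands to check would come from service `ImagePath` values, scheduled tasks and autorun entries, and any candidate directory that low-privileged users can write to is the finding to fix.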
Products Associated with CVE-2022-31590
Affected Versions
SAP SE SAP PowerDesigner Proxy 16.7 Version 16.7 is affected by CVE-2022-31590
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.