SAP Solution Manager privilege escalation | CVE-2022-22544

February 10, 2022

NAME

SAP Solution Manager privilege escalation

  • Platforms Affected:
    SAP Solution Manager 7.20
  • Risk Level:
    9.1
  • Exploitability:
    Unproven
  • Consequences:
    Gain Privileges

DESCRIPTION

SAP Solution Manager could allow a remote authenticated attacker to gain elevated privileges on the system, caused by missing segregation of duties. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVSS 3.0 Information

  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Access Vector: Network
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Official Fix

MITIGATION

Current SAP customers should refer to SAP note 3140940 for patch information, available from the SAP Web site (login required). See References.

  • Reference Link:
    https://launchpad.support.sap.com/
  • Reference Link:
    https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

CISA Logo

US-CERT Vulnerability Summary for the Week of November 11, 2024

November 18, 2024
image

[DRAGONFORCE] – Ransomware Victim: SUSTA S[.]r[.]l[.]

November 18, 2024
image

[MEDUSA] – Ransomware Victim: Maxeon

November 18, 2024
image

[BLACKSUIT] – Ransomware Victim: eastgateauto[.]com

November 18, 2024
image

[ELDORADO] – Ransomware Victim: LA LUCKY Brand

November 18, 2024