PT-2021-17544 · Sap · Sapsetup
Published
2021-04-14
·
Updated
2021-04-20
·
CVE-2021-27608
CVSS v3.1
7.5
High
| Vector | AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAPSetup version 9.0
Description
The issue is related to an unquoted service path in the installation process, which could lead to privilege escalation when an executable file is registered. This could result in the complete compromise of confidentiality, integrity, and availability.
Recommendations
For SAPSetup version 9.0, consider updating to a newer version that addresses this issue, or as a temporary workaround, ensure that all service paths are properly quoted to prevent potential exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sapsetup