CVE-2022-22528

Name of the Vulnerable Software and Affected Versions SAP Adaptive Server Enterprise (ASE) version 16.0

Description The issue arises during the installation of SAP Adaptive Server Enterprise (ASE) on the Windows platform, where an entry is made in the system PATH environment variable. Under certain conditions, this allows a Standard User to execute malicious Windows binaries, potentially leading to privilege escalation on the local system. The problem is specifically with the ASE installer and does not affect other ASE binaries.

Recommendations For SAP Adaptive Server Enterprise (ASE) version 16.0, consider removing the entry made in the system PATH environment variable by the installer as a temporary workaround to minimize the risk of exploitation. Ensure that any malicious Windows binaries are removed from the system to prevent potential privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.