PT-2023-15947 · Sap · Sap Host Agent

Published: 2023-01-10 · Updated: 2023-01-13 · CVE-2023-0012

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP Host Agent (Windows) versions 7.21, 7.22

Description: An attacker who has gained membership in the local SAP LocalAdmin group could replace executables that are started under a privileged account with a malicious file. This is only possible if the system has already been compromised: by default, a security policy denies all user members of SAP LocalAdmin the right to log on locally.

Recommendations: For versions 7.21 and 7.22, restrict membership of the SAP LocalAdmin group to the accounts that need it, since the vulnerability can only be exploited by an attacker who has gained membership in that group. Review the local security policy to confirm that the default denial of local logon for SAP LocalAdmin members is still in effect, and check that members of the group cannot write to the SAP Host Agent executables or to the directory they are started from. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
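A practitioner applying the recommendations above will want to verify them on the host rather than trust the defaults. The following PowerShell audit script is an added example written for this page; it is not part of the advisory and is not SAP's own tooling. It assumes the local group is named SAP_LocalAdmin and that the host agent is installed in the default directory C:\Program Files\SAP\hostctrl\exe (both are parameters). It lists the group's members, checks whether the group's SID is assigned the "Deny log on locally" user right (SeDenyInteractiveLogonRight) in the policy that secedit exports, and flags any ACL entry that lets the group or a broad principal write to the agent directory or its executables, which is the precondition for the file replacement the description refers to.

```powershell
# Added audit script for CVE-2023-0012 style exposure (example code, not SAP's
# tooling and not from the advisory). Run in an elevated PowerShell; secedit
# needs administrator rights. The script only reports and changes nothing.
#
# Assumptions (adjust to your installation):
#   - the group is the local group "SAP_LocalAdmin"
#   - the host agent is installed in the default "C:\Program Files\SAP\hostctrl\exe"
param(
    [string]$GroupName = 'SAP_LocalAdmin',
    [string]$AgentDir  = 'C:\Program Files\SAP\hostctrl\exe'
)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Who is in the group? Every member is a candidate for replacing a binary
#    that a privileged service account later executes.
$group   = Get-LocalGroup -Name $GroupName -ErrorAction Stop
$members = @(Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue)
"Members of ${GroupName} ($($members.Count)):"
$members | ForEach-Object { "  $($_.ObjectClass) $($_.Name)" }

# 2. Is the group still denied interactive logon? secedit exports the effective
#    local policy as an INI file; the [Privilege Rights] section lists assigned
#    principals as *SID entries separated by commas.
$cfg = Join-Path $env:TEMP 'user_rights_export.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$denyLine = Get-Content -Path $cfg | Where-Object { $_ -match '^SeDenyInteractiveLogonRight\s*=' }
Remove-Item -Path $cfg -ErrorAction SilentlyContinue

$denied = @()
if ($denyLine) {
    $denied = ($denyLine -split '=', 2)[1].Trim() -split ',' |
        ForEach-Object { $_.Trim().TrimStart('*') }
}
$groupIds = @($group.SID.Value, $GroupName, "$env:COMPUTERNAME\$GroupName")
if (-not ($groupIds | Where-Object { $denied -contains $_ })) {
    $findings.Add("$GroupName is not assigned 'Deny log on locally' (SeDenyInteractiveLogonRight)")
}

# 3. Can the group (or any broad principal) modify the agent's executables or the
#    directory they are started from? Any of these rights is enough to swap a
#    binary or drop a new one next to it.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, Delete, ChangePermissions, TakeOwnership'
$riskyPrincipals = @(
    $GroupName, "$env:COMPUTERNAME\$GroupName",
    'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
)
$targets = @(Get-Item -Path $AgentDir -ErrorAction Stop) +
           @(Get-ChildItem -Path $AgentDir -Filter '*.exe' -File)

foreach ($t in $targets) {
    $acl = Get-Acl -Path $t.FullName
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($riskyPrincipals -notcontains $id) { continue }
        if (($ace.FileSystemRights -band $writeRights) -ne 0) {
            $findings.Add("$($t.FullName): $id is allowed $($ace.FileSystemRights)")
        }
    }
}

# 4. Report. An empty list means the two conditions the advisory relies on
#    (no local logon, no write access to the agent binaries) both hold.
if ($findings.Count -eq 0) {
    "No findings: $GroupName is denied local logon and cannot modify files under $AgentDir."
} else {
    "Findings:"
    $findings | ForEach-Object { "  $_" }
}
```

The script is deliberately read-only: it reports the group membership, the missing deny-logon assignment, and each over-permissive ACE so that the change can be reviewed before it is made. If your installation uses a different group name or a non-default path, pass them as `-GroupName` and `-AgentDir`.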

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2023-0012

Affected Products

Sap Host Agent