PT-2023-22190 · Sap · Sapsetup

Published 2023-04-11 · Updated 2023-04-26 · CVE-2023-29187

CVSS v3.1: 6.7 Medium

Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SapSetup version 9.0

Description: A Windows user with basic user authorization can carry out a DLL hijacking attack against SapSetup, escalating privileges to run code as administrator of the same Windows PC. A successful attack depends on various preconditions beyond the attacker's control.

Recommendations: For SapSetup version 9.0, consider restricting access to the SapSetup program to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the SapSetup program for software installation until the issue is resolved.

Fix

Weakness Enumeration: Uncontrolled Search Path Element

Related Identifiers: CVE-2023-29187

Affected Products: Sapsetup