Description
An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3039649
Scores
CVSS v3
7.5
EPSS
0.0023
EPSS Percentile
13.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-428
Status
published
Products (1)
sap/setup
9.0
Published
Apr 14, 2021
Tracked Since
Feb 18, 2026