CVE-2021-27608

HIGH

SAPSetup <9.0 - Privilege Escalation

Title source: llm

Description

An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.

References (2)

[Vendor Advisory] https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

[Permissions Required] https://launchpad.support.sap.com/#/notes/3039649

Scores

CVSS v3 7.5

EPSS 0.0012

EPSS Percentile 30.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

sap/setup 9.0

Published Apr 14, 2021

Tracked Since Feb 18, 2026