Description
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3140564
Vendor Advisory x_refsource_misc
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Scores
CVSS v3
7.8
EPSS
0.0012
EPSS Percentile
30.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
sap/adaptive_server_enterprise
16.0
Published
Feb 09, 2022
Tracked Since
Feb 18, 2026