Description
A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attackers control.
References (2)
Core 2
Core References
Permissions Required
https://launchpad.support.sap.com/#/notes/3311624
Scores
CVSS v3
6.7
EPSS
0.0014
EPSS Percentile
32.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-427
Status
published
Products (1)
sap/sapsetup
9.0
Published
Apr 11, 2023
Tracked Since
Feb 18, 2026