On 14.06.2022 a security relevant correction has been released by SAP SE. The manufacturer resolves an issue within ABAP Java HANA platform.
SAP Note 3158619 addresses "[CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database" to prevent os command injection with a medium risk for exploitation.
A workaround does not exist, according to SAP Security Advisory team. It is advisable to implement the correction as part of maintenance, the team suggests.
Risk specificationSAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of a highly privileged attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
The vulnerability has been fixed by appropriate handling of the s-bit of sapuxuserchk.
The advisory is valid for
- KERNEL 7.22 14
- KERNEL 7.49 21
- KERNEL 7.53 21
- KERNEL 7.77 19
- KERNEL 7.81 18
- KERNEL 7.85 11
- KERNEL 7.86 10
- KERNEL 7.87 7
- KERNEL 7.88 4
- KRNL64NUC 7.22 18
- KRNL64NUC 7.22EXT 18
- KRNL64NUC 7.49 21
- KRNL64UC 7.22 18
- KRNL64UC 7.22EXT 18
- KRNL64UC 7.49 21
- KRNL64UC 7.53 18
- SAPHOSTAGENT 7.22 5
- 9.9 [CVE-2021-37531] Code Injection vulnerability in SAP NetWeaver Knowledge Management (XMLForms)
- 9.1 Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent
- 9.1 [CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server)
- 8.4 [CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP
- 5.6 [CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service)