Advisory
On 14.06.2022 a security relevant correction has been released by SAP SE. The manufacturer resolves an issue within ABAP Java HANA platform.
SAP Note 3158619 addresses "[CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database" to prevent os command injection with a medium risk for exploitation.
A workaround does not exist, according to SAP Security Advisory team. It is advisable to implement the correction as part of maintenance, the team suggests.
Risk specification
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of a highly privileged attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.Solution
The vulnerability has been fixed by appropriate handling of the s-bit of sapuxuserchk.
The advisory is valid for
- KERNEL 7.22 21
- KERNEL 7.49 23
- KERNEL 7.53 33
- KERNEL 7.77 31
- KERNEL 7.81 24
- KERNEL 7.85 22
- KERNEL 7.86 10
- KERNEL 7.87 7
- KERNEL 7.88 5
- KRNL64NUC 7.22 27
- KRNL64NUC 7.22EXT 27
- KRNL64NUC 7.49 24
- KRNL64UC 7.22 27
- KRNL64UC 7.22EXT 27
- KRNL64UC 7.49 24
- KRNL64UC 7.53 33
- SAPHOSTAGENT 7.22 11
- 9.9 [CVE-2021-37531] Code Injection vulnerability in SAP NetWeaver Knowledge Management (XMLForms)
- 9.1 Update 1 to 3350297 - [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)
- 9.1 [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)
- 9.1 Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent
- 9.1 [CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server)
