A note with CVSS 6.7 for component BC-CCM-MON-OS was released by SAP on 13.09.2022. The correction/advisory 3159736 was described with "[CVE-2022-35295] Privilege Escalation Vulnerability in SAPOSCOL on Unix" and affects the system type SAP Host Agent.
A workaround exists, according to SAP Security Advisory team. It is advisable to implement the correction as part of maintenance.
The vulnerability addressed is insufficient security function within SAP Host Agent.
Risk specificationAn attacker may use files created by saposcol to escalate privileges for themselves.
With this correction saposcol is checking if the file can be appended or a new file is to be created. Although an alternative solution exists, it is advisable to apply the correction! This is the workaround, which was suggested by the SAP security experts: "As a workaround you may restrict the access to the DIR_PERF directory so that user <sid>adm does not have write permissions to it. This has no impact to functionality of saposcol but may exclude other SAP programs like CCMS from access to this information.".
The advisory is valid for
- 6.5 Information Disclosure vulnerability in SAP Business Client
- 6.3 [CVE-2021-21472] Server password not set during installation of SAP NetWeaver Master Data Management 7.1
- 5.4 [CVE-2020-6178] Insufficient session expiration in SAP Enable Now Manager
- 4.9 [CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)
- 4.9 [CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)