CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43001 – Multiple Privilege Escalation Vulnerabilities in SAPCAR
https://notcve.org/view.php?id=CVE-2025-43001
08 Jul 2025 — SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system. • https://me.sap.com/notes/3595143 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-42992 – Multiple Privilege Escalation Vulnerabilities in SAPCAR
https://notcve.org/view.php?id=CVE-2025-42992
08 Jul 2025 — SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system. • https://me.sap.com/notes/3595143 • CWE-266: Incorrect Privilege Assignment •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-42971 – Memory Corruption vulnerability in SAPCAR
https://notcve.org/view.php?id=CVE-2025-42971
08 Jul 2025 — A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application. • https://me.sap.com/notes/3595141 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-42970 – Directory Traversal vulnerability in SAPCAR
https://notcve.org/view.php?id=CVE-2025-42970
08 Jul 2025 — SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on con... • https://me.sap.com/notes/3595156 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26100
https://notcve.org/view.php?id=CVE-2022-26100
08 Mar 2022 — SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system. SAPCAR - versión 7.22, no contiene suficiente comprobación de entradas en el archivo SAPCAR. Como resultado, el proceso SAPCAR puede fallar, y el atacante puede obtener acceso privilegiado al sistema • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-20: Improper Input Validation CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 3CVE-2017-8852 – SAP SAPCAR 721.510 - Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-8852
10 May 2017 — SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560. SAP SAPCAR 721.510 tiene una vulnerabilidad de desbordamiento de búfer basada en memoria dinámica. • https://packetstorm.news/files/id/142462 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 2%CPEs: 1EXPL: 4CVE-2016-5845 – SAP SAPCAR - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-5845
11 Aug 2016 — SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905. SAP SAPCAR no comprueba el valor de retorno de operaciones de archivos cuando se extraen archivos, lo que permite a atacantes remotos provocar una denegación de servicio (caída del programa) a través de un nombre de archivo inválido en un archivo histórico, también conocido c... • https://packetstorm.news/files/id/138284 •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 5CVE-2016-5847 – SAP SAPCAR - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-5847
11 Aug 2016 — SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384. SAP SAPCAR permite a usuarios locales cambiar los permisos de archivos arbitrarios y consecuentemente obtener privilegios a través de un ataque de enlace duro en archivos extraídos de un archivo, posiblemente relacionado con SAP Security Note 2327384. • https://packetstorm.news/files/id/138284 • CWE-264: Permissions, Privileges, and Access Controls •