CVE-2022-31590
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.
SAP PowerDesigner Proxy - versión 16.7, permite a un atacante con bajos privilegios y con acceso local, con la capacidad de trabajar alrededor de las restricciones de acceso al disco root del sistema para Escribir/Crear un archivo de programa en la ruta root del disco del sistema, que luego podría ser ejecutado con altos privilegios de la aplicación durante el inicio o reinicio de la aplicación, potencialmente comprometiendo la Confidencialidad, Integridad y Disponibilidad del sistema
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-24 CVE Reserved
- 2022-06-14 CVE Published
- 2024-01-05 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-428: Unquoted Search Path or Element
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2022-06-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Powerdesigner Proxy Search vendor "Sap" for product "Powerdesigner Proxy" | 16.7 Search vendor "Sap" for product "Powerdesigner Proxy" and version "16.7" | - |
Affected
| ||||||