VDB
CISA-2023-29187
CISA-2023-29187
PUBLISHED
CVSS 6.7 MEDIUM
Reported by sap · Published April 11, 2023
A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attackers control.
Risk Scores
CVSS 3.1
6.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | SapSetup (Software Installation Program) | 9.0 |
| SAP | SapSetup (Software Installation Program) | 9.0, 9.0 |
Timeline
- Apr 11, 2023 CVE Published
- Feb 26, 2025 CVE Updated