VDB

CISA-2023-29187

CISA-2023-29187 PUBLISHED CVSS 6.7 MEDIUM

Reported by sap · Published April 11, 2023

A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attackers control.

Risk Scores

CVSS 3.1
6.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
SAPSapSetup (Software Installation Program)9.0
SAPSapSetup (Software Installation Program)9.0, 9.0

Timeline

  • Apr 11, 2023 CVE Published
  • Feb 26, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›