VDB
CVE-2022-22528
CVE-2022-22528
PUBLISHED
CVSS 4.400000095367432 MEDIUM
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.
EPSS 0.12% · 30.5th percentile
Risk Scores
CVSS 2.0
4.400000095367432
EPSS Score
0.12%
30.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sap | adaptive_server_enterprise | 16.0 |
| SAP SE | SAP Adaptive Server Enterprise | 16.0 |
Exploit Intelligence
- https://launchpad.support.sap.com/#/notes/3140564 (circl)
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (circl)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
…and 108 more exploits
Timeline
- Jun 28, 2021 PoC Published
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 18, 2021 PoC Published
- Feb 9, 2022 CVE Published
- Feb 10, 2022 EPSS Score
- Apr 3, 2022 EPSS Score
- May 26, 2022 EPSS Score
- Jun 7, 2022 PoC Published
- Jul 18, 2022 EPSS Score
- Sep 9, 2022 EPSS Score
- Sep 16, 2022 PoC Published