CVE-2021-27608 — HIGH (7.5)

Vulnerability Description

An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sap	Setup	9.0

Related Weaknesses (CWE)

CWE-428

References

https://launchpad.support.sap.com/#/notes/3039649Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649Vendor Advisory
https://launchpad.support.sap.com/#/notes/3039649Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649Vendor Advisory

FAQ

What is CVE-2021-27608?

CVE-2021-27608 is a vulnerability with a CVSS score of 7.5 (HIGH). An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead...

How severe is CVE-2021-27608?

CVE-2021-27608 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-27608?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Setup.