CVE-2022-22528
Published: 09 February 2022
Summary
CVE-2022-22528 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in SAP Adaptive Server Enterprise. Its CVSS base score is 7.8 (High).
Operationally, it is ranked at the 30.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-27674
Vulnerability details
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.