CVE-2023-29187— DLL Hijacking vulnerability in SapSetup (Software Installation Program)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-29187
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DLL Hijacking vulnerability in SapSetup (Software Installation Program)
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attackers control.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对搜索路径元素未加控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP SapSetup 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP SapSetup是德国思爱普(SAP)公司的一个应用程序。用于在 Windows 上安装、更新、维护和分发软件的工具套件。 SAP SapSetup 9.0版本存在代码问题漏洞,攻击者利用该漏洞可以权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP | SapSetup (Software Installation Program) | 9.0 | - |
II. Public POCs for CVE-2023-29187
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-29187
请登录查看更多情报信息。
Same Patch Batch · SAP · 2023-04-11 · 18 CVEs total
| CVE-2023-27497 | 10.0 CRITICAL | Multiple vulnerabilities in SAP Diagnostics Agent (EventLogServiceCollector) |
| CVE-2023-28765 | 9.8 CRITICAL | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2023-27267 | 9.0 CRITICAL | Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge) |
| CVE-2023-29186 | 8.7 HIGH | Directory/Path Traversal vulnerability in SAP NetWeaver. |
| CVE-2023-26458 | 6.8 MEDIUM | Information Disclosure vulnerability in SAP Landscape Management |
| CVE-2023-28761 | 6.5 MEDIUM | Missing Authentication check in SAP NetWeaver Enterprise Portal |
| CVE-2023-28763 | 6.5 MEDIUM | Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-27897 | 6.0 MEDIUM | Code Injection vulnerability in SAP CRM |
| CVE-2023-29189 | 5.4 MEDIUM | HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) |
| CVE-2023-29185 | 5.3 MEDIUM | Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages) |
| CVE-2023-24527 | 5.3 MEDIUM | Improper Access Control in SAP NetWeaver AS Java for Deploy Service |
| CVE-2023-29108 | 5.0 MEDIUM | IP filter vulnerability in ABAP Platform and SAP Web Dispatcher |
| CVE-2023-29109 | 4.4 MEDIUM | Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) |
| CVE-2023-1903 | 4.3 MEDIUM | Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0) |
| CVE-2023-29110 | 3.7 LOW | Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) |
| CVE-2023-29112 | 3.7 LOW | Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring) |
| CVE-2023-29111 | 3.1 LOW | Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service |
IV. Related Vulnerabilities
Same vendor: SAP
- CVE-2023-29189
HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) - CVE-2023-29186
Directory/Path Traversal vulnerability in SAP NetWeaver. - CVE-2023-29185
Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Busine - CVE-2023-29112
Code Injection vulnerability in SAP Application Interface Fr - CVE-2023-29111
Information Disclosure vulnerability in SAP Application Inte
Same weakness: CWE-427
V. Comments for CVE-2023-29187
No comments yet