Unrated severityNVD Advisory· Published Jan 10, 2023· Updated Apr 9, 2025
Local Privilege Escalation in SAP Host Agent (Windows)
CVE-2023-0012
Description
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.
Affected products
2>=7.21, <=7.22+ 1 more
- (no CPE)range: >=7.21, <=7.22
- (no CPE)range: 7.21
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.