CVE-2021-27608
CVE-2021-27608
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
14 Apr 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
SAP SE · SAP SetupWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →