Unquoted Service Path Vulnerability in SAPSetup 9.0: Privilege Escalation and Complete Compromise

Unquoted Service Path Vulnerability in SAPSetup 9.0: Privilege Escalation and Complete Compromise

CVE-2021-27608 · HIGH Severity

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.

Learn more about our Web Application Penetration Testing UK.