CVE-2021-27608

low-risk

Published 2021-04-14

An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

LOCAL / HIGH complexity

Affected Products (1)

Setup

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/3039649

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

Permissions Required https://launchpad.support.sap.com/#/notes/3039649

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

/ 100

low-risk

Severity 20/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal