CVE-2022-31590

HIGH Year: 2022
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-428
View all →

Vulnerability Description

SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.

Related Vulnerabilities

CVE-2016-15003

HIGH
CVSS:7.8(High)

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of th...

CWE-4282016

CVE-2016-6935

HIGH
CVSS:7.8(High)

Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.8.0.310 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYST...

CWE-4282016

CVE-2016-8225

HIGH
CVSS:7.8(High)

Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.

CWE-4282016

CVE-2017-1000475

HIGH
CVSS:7.8(High)

FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.

CWE-4282017

CVE-2017-11672

HIGH
CVSS:7.8(High)

The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to...

CWE-4282017

CVE-2017-12730

HIGH
CVSS:7.8(High)

An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary ...

CWE-4282017