CVE-2022-35292 Information

Description

In SAP Business One application when a service is created the executable path contains spaces and isn’t enclosed within quotes leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality Integrity and Availability.

Reference

https://launchpad.support.sap.com/#/notes/3223392 https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3