In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2023-01-10T02:44:38.047Z

Updated: 2024-08-02T04:54:32.561Z

Reserved: 2022-12-16T03:12:52.291Z

Link: CVE-2023-0012

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-10T03:15:10.067

Modified: 2024-11-21T07:36:23.477

Link: CVE-2023-0012

cve-icon Redhat

No data.