Vulnerability CVE-2022-35292
Published: 2022-09-13

Description:
In SAP Business One application when a service is created, the executable path contains spaces and isn??t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.

Type:

CWE-428

 (Unquoted Search Path or Element)

 References:
https://launchpad.support.sap.com/#/notes/3223392
https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3
Copyright 2026, cxsecurity.com

 

Back to Top