CVE-2022-35292
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.
Date published : 2022-09-13
https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3