Lucene search

SapCVE-2023-27498

HistoryMar 14, 2023 - 6:15 a.m.

CVE-2023-27498

2023-03-1406:15:11

CWE-121

sap

web.nvd.nist.gov

sap host agent

saposcol

cve-2023-27498

memory corruption

network access

unauthenticated

nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

40.8%

JSON

SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable

Affected configurations

Nvd

Node

saphost_agentMatch7.22

VendorProductVersionCPE
saphost_agent7.22cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	host_agent	7.22	cpe:2.3:a:sap:host_agent:7.22:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Host Agent (SAPOSCOL)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "7.22"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3275727

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

40.8%

JSON

Related for CVE-2023-27498