14 matches found

RedhatCVE
added 2025/05/23 12:9 a.m. | 4 views

CVE-2022-26100

SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00528
Exploits: 0 | References: 1
NVD
added 2023/08/08 1:15 a.m. | 11 views

CVE-2023-36926

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no...

CVSS: 5.3 | AI score: 4.6 | EPSS: 0.00357
Exploits: 0 | References: 2
Positive Technologies
added 2023/08/08 12:0 a.m. | 2 views

PT-2023-4215 · Sap · Sap Host Agent

Name of the Vulnerable Software and Affected Versions: SAP Host Agent version 7.22
Description: The issue is related to a missing authentication check in the SAP Host Agent, allowing an unauthenticated attacker to set an undocumented parameter to a particular compatibility value. This enables the...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.00357
Exploits: 0 | References: 8
Positive Technologies
added 2023/06/07 12:0 a.m. | 3 views

PT-2023-4246 · Sap · Sap Message Server

Name of the Vulnerable Software and Affected Versions: SAP Message Server versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT
Description: The issue is related to the Access Control List ACL of the SAP Message...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00047
Exploits: 0 | References: 9
Prion
added 2023/03/14 6:15 a.m. | 21 views

Memory corruption

SAP Host Agent SAPOSCOL - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about...

CVSS: 6.4 | AI score: 7 | EPSS: 0.00437
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2023/02/14 4:15 a.m. | 1 views

CVE-2023-24523

An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent Start Service - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS...

CVSS: 8.8 | AI score: 7.3
Exploits: 0 | References: 2
Positive Technologies
added 2023/01/10 12:0 a.m. | 2 views

PT-2023-15947 · Sap · Sap Host Agent

Name of the Vulnerable Software and Affected Versions: SAP Host Agent Windows versions 7.21, 7.22
Description: An attacker who gains local membership to SAP LocalAdmin could replace executables with a malicious file that will be started under a privileged account. This can only occur if the syste...

CVSS: 6.7 | AI score: 6.2 | EPSS: 0.00101
Exploits: 0 | References: 6
CNNVD
added 2023/01/10 12:0 a.m. | 2 views

SAP Host Agent Access Control Error Vulnerability

SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An Access Control Error vulnerability exists in SAP Host Agent versions 7.21 and 7.22, which arises from...

CVSS: 6.7 | AI score: 6.4 | EPSS: 0.00101
Exploits: 0 | References: 3
NVD
added 2022/09/13 4:15 p.m. | 11 views

CVE-2022-35295

In SAP Host Agent SAPOSCOL - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves...

CVSS: 4.9 | EPSS: 0.01217
Exploits: 3 | References: 4
Cvelist
added 2022/09/13 12:0 a.m. | 15 views

CVE-2022-35295

In SAP Host Agent SAPOSCOL - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves...

AI score: 5.6 | EPSS: 0.01217
Exploits: 3 | References: 4
CVE
added 2022/09/13 12:0 a.m. | 70 views

CVE-2022-35295

CVE-2022-35295 affects SAP Host Agent (SAPOSCOL) 7.22. A privilege-escalation flaw arises from using files created by saposcol, enabling an attacker to escalate to higher privileges and potentially access confidential data. The issue is documented across multiple sources; exploitation details are...

CVSS: 4.9 | AI score: 5.3 | EPSS: 0.01217
Exploits: 3 | References: 4 | Affected Software: 1
ICS
added 2021/01/07 12:0 a.m. | 291 views

Eaton EASYsoft (Update A)

1. EXECUTIVE SUMMARY
CVSS v3 5.8
Vendor: Eaton
Equipment: EASYsoft
Vulnerabilities: Type Confusion, Out-of-bounds Read
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-21-007-03 Eaton EASYsoft that was published January 7, 2021, to the ICS webpage on...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.0082
Exploits: 0 | References: 5
Prion
added 2020/01/21 4:15 p.m. | 14 views

Design/Logic Flaw

mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled...

CVSS: 5 | AI score: 7 | EPSS: 0.00237
Exploits: 0 | References: 1 | Affected Software: 1
exploitpack
added 2003/11/12 12:0 a.m. | 16 views

Opera Web Browser 7.x - URI Handler Directory Traversal

source: https://www.securityfocus.com/bid/9021/info
It has been reported that Opera is vulnerable to a directory traversal issue that may allow an attacker to access sensitive information. The problem presents itself due to insufficient...

Exploits: 0