Lucene search
K
SapHost Agent

15 matches found

CVE
CVE
added 2023/09/12 2:21 a.m.109 views

CVE-2023-40309

CVE-2023-40309 affects SAP CommonCryptoLib and is caused by insufficient authentication checks, enabling possible privilege escalation for an authenticated user and potential reading/modification/deletion of restricted data. The vulnerability is rated CRITICAL (CVSSv3.1: 9.8, AV:N/AC:L/PR:N/UI:N/...

9.8CVSS9.7AI score0.00748EPSS
CVE
CVE
added 2022/06/14 4:59 p.m.105 views

CVE-2022-29612

CVE-2022-29612 affects SAP NetWeaver/ABAP Platform and SAP Host Agent, specifically Kernel sapcontrol startservice. Authenticated users can misuse this webfunctionality to retrieve restricted technical information (e.g., system number, physical address), yielding a limited confidentiality impact....

4.3CVSS4.2AI score0.00626EPSS
CVE
CVE
added 2022/05/11 2:55 p.m.100 views

CVE-2022-28774

The CVE-2022-28774 entry involves SAP Host Agent and describes an information disclosure vulnerability in the SAP Host Agent logfile under certain conditions. Affected component is the SAP Host Agent, with the root cause being unintended sensitive data exposure in log files. Impact is information...

5.5CVSS5.4AI score0.00204EPSS
CVE
CVE
added 2022/06/14 6:27 p.m.94 views

CVE-2022-29614

Summary: CVE-2022-29614 describes a local privilege-escalation vulnerability in the SAP startservice s-bit helper sapuxuserchk on Unix systems, affecting SAP NetWeaver AS ABAP, Application Server Java, ABAP Platform and HANA Database. The issue is triggered by physical access and can lead to priv...

5CVSS5.3AI score0.00439EPSS
CVE
CVE
added 2022/09/13 12:0 a.m.87 views

CVE-2022-35295

CVE-2022-35295 affects SAP Host Agent (SAPOSCOL) 7.22. A privilege-escalation flaw arises from using files created by saposcol, enabling an attacker to escalate to higher privileges and potentially access confidential data. The issue is documented across multiple sources; exploitation details are...

4.9CVSS5.3AI score0.01225EPSS
CVE
CVE
added 2023/09/12 1:21 a.m.82 views

CVE-2023-40308

The CVE-2023-40308 issue affects SAP CommonCryptoLib and is caused by memory corruption triggered by an unauthenticated crafted request sent to an open port. The resulting crash makes the target component unavailable, with no impact on confidentiality or integrity reported. Evidence across multip...

7.5CVSS7.7AI score0.00622EPSS
CVE
CVE
added 2023/01/10 2:44 a.m.68 views

CVE-2023-0012

CVE-2023-0012 affects SAP Host Agent (Windows) versions 7.21 and 7.22 . A local attacker who gains membership in SAP_LocalAdmin can replace executables with a malicious file that runs under a privileged account, enabling local privilege escalation. By default, SAP_LocalAdmin members are denied lo...

6.7CVSS6.2AI score0.00197EPSS
CVE
CVE
added 2023/03/14 5:4 a.m.68 views

CVE-2023-27498

The CVE-2023-27498 issue affects SAP Host Agent (SAPOSCOL) version 7.22. An unauthenticated attacker with network access can send crafted requests to the SAP Start Service port, causing memory corruption. This can disclose server information (confidentiality: LOW) and briefly render a service una...

7.2CVSS7AI score0.00545EPSS
CVE
CVE
added 2023/02/14 3:17 a.m.67 views

CVE-2023-24523

Summary: CVE-2023-24523 affects SAP Host Agent (Start Service) version 7.21 and 7.22. A non-admin user with local access can trigger ConfigureOutsideDiscovery to execute an OS command with administrator privileges, enabling read/modify of any user or system data and potentially making the system ...

8.8CVSS8.2AI score0.00185EPSS
CVE
CVE
added 2020/02/12 7:46 p.m.66 views

CVE-2020-6186

Summary (CVE-2020-6186): SAP Host Agent, v7.21, is reported to allow an attacker to slow down processing of username/password authentication, causing a Denial of Service. The connected sources corroborate a DoS impact from reduced authentication throughput, with no explicit exploitation details o...

7.5CVSS7.5AI score0.01226EPSS
CVE
CVE
added 2020/04/14 6:38 p.m.66 views

CVE-2020-6234

Summary of the CVE : CVE-2020-6234 concerns SAP Host Agent, version 7.21. The vulnerability exists in the operation framework and enables a user with admin privileges to escalate to root on the underlying operating system. The impact is privilege escalation with a high severity rating (CVSS v3.1 ...

7.2CVSS7.1AI score0.03556EPSS
CVE
CVE
added 2020/02/12 7:46 p.m.63 views

CVE-2020-6183

CVE-2020-6183 affects SAP Host Agent, version 7.21. The connected documents describe a vulnerability in which an unprivileged user can read or write the shared memory by sending a request to the main SAPOSCOL process, potentially exposing data such as directory sizes and hardware/OS details due t...

6.5CVSS6.4AI score0.0069EPSS
CVE
CVE
added 2023/08/08 12:38 a.m.62 views

CVE-2023-36926

Summary : SAP Host Agent 7.22 has an information-disclosure flaw due to a missing authentication check, allowing an unauthenticated attacker to set an undocumented parameter to a compatibility value and invoke read functions to expose non-sensitive server information. The impact is limited to inf...

5.3CVSS4.8AI score0.00385EPSS
CVE
CVE
added 2024/11/12 12:27 a.m.53 views

CVE-2024-47595

CVE-2024-47595 is a Local Privilege Escalation in SAP Host Agent. An attacker with membership in the sapsys group can replace local files usually protected by privileged access, impacting confidentiality and integrity of the application. Public details present in multiple sources confirm the loca...

7.1CVSS6.2AI score0.00146EPSS
CVE
CVE
added 2017/10/16 4:0 p.m.50 views

CVE-2017-15297

CVE-2017-15297 concerns SAP Hostcontrol where the SOAP SAPControl endpoint does not require authentication, enabling unauthenticated access. The vulnerability is documented in SAP Security Note 2442993. According to the NVD entry, the affected component is the SAP Hostcontrol SOAP interface, with...

7.5CVSS7.7AI score0.03001EPSS