Lucene search

K

4 matches found

CVE
CVE
added 2023/03/14 6:15 a.m.53 views

CVE-2023-27498

SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about...

7.2CVSS7AI score0.0018EPSS
CVE
CVE
added 2023/02/14 4:15 a.m.50 views

CVE-2023-24523

An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS...

8.8CVSS8.2AI score0.00036EPSS
CVE
CVE
added 2023/01/10 3:15 a.m.45 views

CVE-2023-0012

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to lo...

6.7CVSS6.2AI score0.0004EPSS
CVE
CVE
added 2023/08/08 1:15 a.m.45 views

CVE-2023-36926

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no im...

5.3CVSS4.8AI score0.00219EPSS