SAP Host Agent 7.21

CPE Details

SAP Host Agent 7.21
7.21
2022-04-01
14h17 +00:00
2022-04-08
16h23 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:sap:host_agent:7.21:*:*:*:*:*:*:*

Informations

Vendor

sap

Product

host_agent

Version

7.21

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-24523 2023-02-14 03h17 +00:00 An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges.  The OS command can read or modify any user or system data and can make the system unavailable.
8.8
High
CVE-2023-0012 2023-01-10 02h44 +00:00 In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.
6.7
Medium
CVE-2020-6234 2020-04-14 16h38 +00:00 SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.
7.2
High
CVE-2020-6186 2020-02-12 18h46 +00:00 SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.
7.5
High
CVE-2020-6183 2020-02-12 18h46 +00:00 SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability.
6.5
Medium