Vulnerability in Sap Host_agent
CVE-2020-6234
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.
EPSS: 0.036 (87.9th percentile).
CVSS v3 metric
CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Sap Host_agent — versions 7.21
- Sap Se Host Agent — versions < 7.21
Public proof-of-concept exploits
References
- cna@sap.com (x_refsource_MISC, Vendor Advisory)
- cna@sap.com (Permissions Required, x_refsource_MISC, Vendor Advisory)
- cna@sap.com (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
- cna@sap.com (VDB Entry, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-6234?
  CVE-2020-6234 is a high-severity vulnerability in Sap Host_agent. CVSS score: 7.2/10. Published 2020-04-14.
- How severe is CVE-2020-6234?
  High severity. CVSS v3 base score is 7.2 out of 10.
- Is CVE-2020-6234 known to be exploited?
  2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.