Sap Host_agent

15 CVEs affecting Sap Host_agent. Latest disclosed: 2024-11-12. Critical: 1, High: 6.

Top CVEs affecting Sap Host_agent
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-40309 | Critical | 9.8 | 2023-09-12 | SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resu… |
| CVE-2023-24523 | High | 8.8 | 2023-02-14 | An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can subm… |
| CVE-2023-40308 | High | 7.5 | 2023-09-12 | SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library w… |
| CVE-2020-6186 | High | 7.5 | 2020-02-12 | SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, le… |
| CVE-2017-15297 | High | 7.5 | 2017-10-16 | SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993. |
| CVE-2023-27498 | High | 7.2 | 2023-03-14 | SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a… |
| CVE-2020-6234 | High | 7.2 | 2020-04-14 | SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating sys… |
| CVE-2020-6183 | Medium | 6.5 | 2020-02-12 | SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL proce… |
| CVE-2023-0012 | Medium | 6.4 | 2023-01-10 | In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicio… |
| CVE-2024-47595 | Medium | 6.3 | 2024-11-12 | An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacke… |
| CVE-2022-28774 | Medium | 5.5 | 2022-05-11 | Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. |
| CVE-2022-29614 | Medium | 5.0 | 2022-06-14 | SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77… |
| CVE-2022-35295 | Medium | 4.9 | 2022-09-13 | In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. |
| CVE-2022-29612 | Medium | 4.3 | 2022-06-14 | SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KR… |
| CVE-2023-36926 | Low | 3.7 | 2023-08-08 | Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibili… |