Sap Host_agent
15 CVEs affecting Sap Host_agent. Latest disclosed: 2024-11-12. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-40309 | Critical | 9.8 | 2023-09-12 | SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resu… |
| CVE-2023-24523 | High | 8.8 | 2023-02-14 | An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can subm… |
| CVE-2023-40308 | High | 7.5 | 2023-09-12 | SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library w… |
| CVE-2020-6186 | High | 7.5 | 2020-02-12 | SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, le… |
| CVE-2017-15297 | High | 7.5 | 2017-10-16 | SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993. |
| CVE-2023-27498 | High | 7.2 | 2023-03-14 | SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a… |
| CVE-2020-6234 | High | 7.2 | 2020-04-14 | SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating sys… |
| CVE-2020-6183 | Medium | 6.5 | 2020-02-12 | SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL proce… |
| CVE-2023-0012 | Medium | 6.4 | 2023-01-10 | In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicio… |
| CVE-2024-47595 | Medium | 6.3 | 2024-11-12 | An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacke… |
| CVE-2022-28774 | Medium | 5.5 | 2022-05-11 | Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. |
| CVE-2022-29614 | Medium | 5.0 | 2022-06-14 | SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77… |
| CVE-2022-35295 | Medium | 4.9 | 2022-09-13 | In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. |
| CVE-2022-29612 | Medium | 4.3 | 2022-06-14 | SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KR… |
| CVE-2023-36926 | Low | 3.7 | 2023-08-08 | Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibili… |