Vulnerabilities > SAP > Host Agent > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-47595 Unspecified vulnerability in SAP Host Agent 7.22
An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access.
local
low complexity
sap
7.1
2023-09-12 CVE-2023-40308 Out-of-bounds Write vulnerability in SAP products
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable.
network
low complexity
sap CWE-787
7.5
2023-03-14 CVE-2023-27498 Stack-based Buffer Overflow vulnerability in SAP Host Agent 7.22
SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error.
network
low complexity
sap CWE-121
7.2
2023-02-14 CVE-2023-24523 Exposure of Resource to Wrong Sphere vulnerability in SAP Host Agent 7.21/7.22
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges.  The OS command can read or modify any user or system data and can make the system unavailable.
local
low complexity
sap CWE-668
8.8
2020-04-14 CVE-2020-6234 Unspecified vulnerability in SAP Host Agent 7.21
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.
network
low complexity
sap
7.2
2020-02-12 CVE-2020-6186 Missing Authentication for Critical Function vulnerability in SAP Host Agent 7.21
SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.
network
low complexity
sap CWE-306
7.5
2017-10-16 CVE-2017-15297 Improper Authentication vulnerability in SAP Host Agent 7.21
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint.
network
low complexity
sap CWE-287
7.5