Vulnerabilities > SAP > Host Agent > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-12 | CVE-2023-40308 | Out-of-bounds Write vulnerability in SAP products SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. | 7.5 |
2023-03-14 | CVE-2023-27498 | Stack-based Buffer Overflow vulnerability in SAP Host Agent 7.22 SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. | 7.2 |
2023-02-14 | CVE-2023-24523 | Exposure of Resource to Wrong Sphere vulnerability in SAP Host Agent 7.21/7.22 An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable. | 8.8 |