Vulnerabilities > SAP > Host Agent > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-36926 Missing Authentication for Critical Function vulnerability in SAP Host Agent 7.22
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions.
network
low complexity
sap CWE-306
5.3
2023-01-10 CVE-2023-0012 Improper Access Control vulnerability in SAP Host Agent 7.21/7.22
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account.
local
low complexity
sap CWE-284
6.7
2022-09-13 CVE-2022-35295 Improper Handling of Exceptional Conditions vulnerability in SAP Host Agent 7.22
In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.
network
low complexity
sap CWE-755
4.9
2022-06-14 CVE-2022-29614 Improper Privilege Management vulnerability in SAP Host Agent and Netweaver Abap
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
low complexity
sap CWE-269
5.0
2022-06-14 CVE-2022-29612 Server-Side Request Forgery (SSRF) vulnerability in SAP Host Agent and Netweaver Abap
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information.
network
low complexity
sap CWE-918
4.3
2022-05-11 CVE-2022-28774 Incorrect Authorization vulnerability in SAP Host Agent 7.22
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.
local
low complexity
sap CWE-863
5.5
2020-04-14 CVE-2020-6234 Unspecified vulnerability in SAP Host Agent 7.21
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.
network
low complexity
sap
6.5
2020-02-12 CVE-2020-6186 Missing Authentication for Critical Function vulnerability in SAP Host Agent 7.21
SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.
network
low complexity
sap CWE-306
5.0
2020-02-12 CVE-2020-6183 Missing Authorization vulnerability in SAP Host Agent 7.21
SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g.
network
low complexity
sap CWE-862
6.4
2017-10-16 CVE-2017-15297 Improper Authentication vulnerability in SAP Host Agent 7.21
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint.
network
low complexity
sap CWE-287
5.0