CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28774
https://notcve.org/view.php?id=CVE-2022-28774
11 May 2022 — Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. Bajo determinadas condiciones, el archivo de registro del Agente SAP Host muestra información que de otro modo estaría restringida • https://launchpad.support.sap.com/#/notes/3158188 • CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6234 – SAP Host Control Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-6234
14 Apr 2020 — SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation. SAP Host Agent, versión 7.21, permite a un atacante con privilegios de administrador utilizar el framework de operación para alcanzar privilegios root sobre el sistema operativo subyacente, conllevando a una escalada de privilegios. A malicious authenticated attacker, with privileges of SAP SMD Agent access, can e... • http://packetstormsecurity.com/files/162084/SAP-Host-Control-Local-Privilege-Escalation.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6186
https://notcve.org/view.php?id=CVE-2020-6186
12 Feb 2020 — SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. SAP Host Agent, versión 7.21, permite a un atacante causar una ralentización en procesamiento de peticiones de autenticación basadas en nombre de usuario/contraseña del SAP Host Agent, conllevando a una Denegación de Servicio. • https://launchpad.support.sap.com/#/notes/2841053 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6183
https://notcve.org/view.php?id=CVE-2020-6183
12 Feb 2020 — SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability. SAP Host Agent, versión 7.21, permite a un usuario sin privilegios leer la memoria compartida o escribir en la memoria compartida, mediante el envío de una petic... • https://launchpad.support.sap.com/#/notes/2836445 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15297
https://notcve.org/view.php?id=CVE-2017-15297
16 Oct 2017 — SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993. SAP Hostcontrol no requiere autenticación para el extremo de SOAP SAPControl. Esto corresponde con SAP Security Note 2442993. • http://www.securityfocus.com/bid/99528 • CWE-287: Improper Authentication •