CVE-2023-24523
https://notcve.org/view.php?id=CVE-2023-24523
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable. • https://launchpad.support.sap.com/#/notes/3285757 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-0012 – Local Privilege Escalation in SAP Host Agent (Windows)
https://notcve.org/view.php?id=CVE-2023-0012
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised. • https://launchpad.support.sap.com/#/notes/3276120 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-284: Improper Access Control •
CVE-2022-35295 – SAP@ Host Agent Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-35295
In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. En SAP Host Agent (SAPOSCOL) - versión 7.22, un atacante puede utilizar los archivos creados por saposcol para escalar privilegios para sí mismo SAP@ Host Agent suffers from a privilege escalation vulnerability. • http://packetstormsecurity.com/files/170233/SAP-Host-Agent-Privilege-Escalation.html http://seclists.org/fulldisclosure/2022/Dec/12 https://launchpad.support.sap.com/#/notes/3159736 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2022-29614 – SAP SAPControl Web Service Interface Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-29614
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. SAP startservice - de SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform y HANA Database - versiones KERNEL versiones 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49 49, 7.53, SAPHOSTAGENT 7.22, - en los sistemas Unix, el programa de ayuda s-bit sapuxuserchk, puede ser abusado físicamente resultando en una escalada de privilegios de un atacante que conlleva a un bajo impacto en la confidencialidad e integridad, pero un profundo impacto en la disponibilidad SAPControl Web Service Interface (sapstartsrv) suffers from a privilege escalation vulnerability via a race condition. • http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2022/Sep/18 https://launchpad.support.sap.com/#/notes/3158619 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-269: Improper Privilege Management •
CVE-2022-29612
https://notcve.org/view.php?id=CVE-2022-29612
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. SAP NetWeaver, ABAP Platform y SAP Host Agent - versiones KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49 53, 8.04, SAPHOSTAGENT 7.22, permite a un usuario autenticado hacer un uso no debido de una función de sapcontrol webfunctionality(startservice) en el Kernel que permite a usuarios maliciosos recuperar información. Si es explotado con éxito, un atacante puede obtener información técnica como el número de sistema o la dirección física, que de otro modo está restringida, causando un impacto limitado en la confidencialidad de la aplicación • https://launchpad.support.sap.com/#/notes/3194674 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-918: Server-Side Request Forgery (SSRF) •