CVE-2023-24523
https://notcve.org/view.php?id=CVE-2023-24523
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable. • https://launchpad.support.sap.com/#/notes/3285757 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-0012 – Local Privilege Escalation in SAP Host Agent (Windows)
https://notcve.org/view.php?id=CVE-2023-0012
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised. • https://launchpad.support.sap.com/#/notes/3276120 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-284: Improper Access Control •
CVE-2020-6234
https://notcve.org/view.php?id=CVE-2020-6234
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation. SAP Host Agent, versión 7.21, permite a un atacante con privilegios de administrador utilizar el framework de operación para alcanzar privilegios root sobre el sistema operativo subyacente, conllevando a una escalada de privilegios. • http://packetstormsecurity.com/files/162084/SAP-Host-Control-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2021/Apr/5 https://launchpad.support.sap.com/#/notes/2902645 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 •
CVE-2020-6186
https://notcve.org/view.php?id=CVE-2020-6186
SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. SAP Host Agent, versión 7.21, permite a un atacante causar una ralentización en procesamiento de peticiones de autenticación basadas en nombre de usuario/contraseña del SAP Host Agent, conllevando a una Denegación de Servicio. • https://launchpad.support.sap.com/#/notes/2841053 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-306: Missing Authentication for Critical Function •
CVE-2020-6183
https://notcve.org/view.php?id=CVE-2020-6183
SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability. SAP Host Agent, versión 7.21, permite a un usuario sin privilegios leer la memoria compartida o escribir en la memoria compartida, mediante el envío de una petición al proceso SAPOSCOL principal y recibiendo respuestas que pueden contener datos leídos con privilegios de usuario root, por ejemplo, el tamaño de cualquier directorio, el hardware del sistema y detalles del sistema operativo, lo que conlleva a una vulnerabilidad de Falta de Comprobación de Autorización. • https://launchpad.support.sap.com/#/notes/2836445 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-862: Missing Authorization •