CVE-2020-6183Missing Authorization in SE SAP Host Agent

CWE-862Missing Authorization3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 51.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Host AgentSAP Host Agent
Timeline
PublishedFeb 12
Latest updateMay 24

Description

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

NVDsap/host_agent7.21
CVEListV5sap_se/sap_host_agent= 7.21

🔴Vulnerability Details

2
GHSA
GHSA-rpjf-7975-m344: SAP Host Agent, version 72022-05-24
CVEList
CVE-2020-6183: SAP Host Agent, version 72020-02-12