CVE-2020-6234Improper Privilege Management in SE SAP Host Agent

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.7%
top 27.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Host AgentSAP Host Agent
Timeline
PublishedApr 14
Latest updateMay 24

Description

SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5sap_se/sap_host_agent< 7.21
NVDsap/host_agent7.21

🔴Vulnerability Details

2
GHSA
GHSA-c47h-mcrh-2p6p: SAP Host Agent, version 72022-05-24
CVEList
CVE-2020-6234: SAP Host Agent, version 72020-04-14
CVE-2020-6234 — Improper Privilege Management | cvebase