CVE-2022-28774Incorrect Authorization in SE SAP Host Agent

CWE-863Incorrect AuthorizationCWE-200Sensitive Information ExposureCWE-532Log File Information Exposure3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 86.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Host AgentSAP Host Agent
Timeline
PublishedMay 11
Latest updateMay 12

Description

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDsap/host_agent7.22
CVEListV5sap_se/sap_host_agent7.22

🔴Vulnerability Details

2
GHSA
GHSA-rc5c-4c27-cg98: Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted2022-05-12
CVEList
CVE-2022-28774: Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted2022-05-11
CVE-2022-28774 — Incorrect Authorization | cvebase