CVE-2023-36926

CWE-306Missing AuthenticationCWE-287Improper AuthenticationCWE-200Information Exposure3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 47.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Host AgentSAP Host Agent
Timeline
PublishedAug 8

Description

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

NVDsap/host_agent7.22
CVEListV5sap_se/sap_host_agent7.22

🔴Vulnerability Details

2
GHSA
GHSA-8qg9-9fqc-xjj6: Due to missing authentication check in SAP Host Agent - version 72023-08-08
CVEList
Information disclosure vulnerability in SAP Host Agent2023-08-08
CVE-2023-36926 (MEDIUM CVSS 5.3) | Due to missing authentication check | cvebase.io