CVE-2024-47595Incorrect Privilege Assignment in SE SAP Host Agent

CWE-266Incorrect Privilege Assignment3 documents3 sources
Severity
7.1HIGHNVD
CNA6.3
EPSS
0.1%
top 69.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Host AgentSAP Host Agent
Timeline
PublishedNov 12

Description

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

NVDsap/host_agent7.22
CVEListV5sap_se/sap_host_agentSAPHOSTAGENT 7.22

🔴Vulnerability Details

2
GHSA
GHSA-29qg-j923-rv8r: An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access2024-11-12
CVEList
Local Privilege Escalation in SAP Host Agent2024-11-12
CVE-2024-47595 — Incorrect Privilege Assignment | cvebase