Skip to main content

Host Agent

17 CVEs product

Monthly

CVE-2024-47595 HIGH This Week

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Host Agent
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-40309 CRITICAL Act Now

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Commoncryptolib Content Server Extended Application Services And Runtime +6
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40308 HIGH This Week

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow SAP Commoncryptolib Content Server +7
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36926 MEDIUM This Month

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Host Agent
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-27498 HIGH This Week

SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow SAP Host Agent
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-24523 HIGH This Week

An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Command Injection Host Agent
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-0012 MEDIUM This Month

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

SAP Microsoft Authentication Bypass Host Agent
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-35295 MEDIUM POC This Month

In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Privilege Escalation Host Agent
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2022-29614 MEDIUM POC This Month

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Host Agent Netweaver Abap
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2022-29612 MEDIUM This Month

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Host Agent Netweaver Abap
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-28774 MEDIUM This Month

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SAP Host Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-6234 HIGH This Week

SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Host Agent
NVD
CVSS 3.1
7.2
EPSS
3.6%
CVE-2020-6186 HIGH This Week

SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Authentication Bypass Host Agent
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-6183 MEDIUM This Month

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Host Agent
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2016-8610 HIGH PATCH Act Now

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.1%.

Denial Of Service OpenSSL Debian Linux Enterprise Linux Desktop Enterprise Linux Server +41
NVD
CVSS 3.1
7.5
EPSS
71.1%
CVE-2017-15297 HIGH This Week

SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Host Agent
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2015-8960 HIGH POC This Week

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Transport Layer Security Clustered Data Ontap Antivirus Connector Data Ontap Edge Host Agent +9
NVD
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Host Agent
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Commoncryptolib +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow SAP +9
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Host Agent
NVD
EPSS 1% CVSS 7.2
HIGH This Week

SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow SAP +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Command Injection +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

SAP Microsoft Authentication Bypass +1
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Privilege Escalation Host Agent
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Host Agent +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Host Agent +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SAP Host Agent
NVD
EPSS 4% CVSS 7.2
HIGH This Week

SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Host Agent
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Authentication Bypass +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Host Agent
NVD
EPSS 71% CVSS 7.5
HIGH PATCH Act Now

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.1%.

Denial Of Service OpenSSL Debian Linux +43
NVD
EPSS 3% CVSS 7.5
HIGH This Week

SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Host Agent
NVD
EPSS 0% CVSS 8.1
HIGH POC This Week

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Transport Layer Security Clustered Data Ontap Antivirus Connector +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy