Lucene search

[email protected]CVE-2023-27498

HistoryMar 14, 2023 - 6:15 a.m.

CVE-2023-27498

2023-03-1406:15:11

CWE-121

[email protected]

web.nvd.nist.gov

sap host agent

saposcol

cve-2023-27498

memory corruption

network access

unauthenticated

nvd

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable

Affected configurations

NVD

Node

saphost_agentMatch7.22

CPENameOperatorVersion
sap:host_agentsap host agenteq7.22

CPE	Name	Operator	Version
sap:host_agent	sap host agent	eq	7.22

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Host Agent (SAPOSCOL)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "7.22"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3275727

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for CVE-2023-27498

prion1 nvd1 cvelist1