Lucene search

SapCVELIST:CVE-2020-6183

HistoryFeb 12, 2020 - 7:46 p.m.

CVE-2020-6183

2020-02-1219:46:34

sap

www.cve.org

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

32.6%

JSON

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability.

CNA Affected

[
  {
    "product": "SAP Host Agent",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "= 7.21"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2836445

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

32.6%

JSON

Related for CVELIST:CVE-2020-6183