Lucene search

SapCVELIST:CVE-2023-27498

HistoryMar 14, 2023 - 5:04 a.m.

CVE-2023-27498 Memory Corruption vulnerability in SAP Host Agent (SAPOSCOL)

2023-03-1405:04:32

CWE-121

sap

www.cve.org

sap host agent

memory corruption

cve-2023-27498

server port

crafted request

technical information

temporary unavailability

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

0.001 Low

EPSS

Percentile

36.9%

JSON

SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Host Agent (SAPOSCOL)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "7.22"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3275727

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

0.001 Low

EPSS

Percentile

36.9%

JSON

Related for CVELIST:CVE-2023-27498