sap host agent
17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-47595
all versions
An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On succes
6.3
MEDIUM
CVE-2023-40309
all versions
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks fo
9.8
CRITICAL
CVE-2023-40308
all versions
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory c
7.5
HIGH
CVE-2023-36926
all versions
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented paramete
3.7
LOW
CVE-2023-27498
all versions
SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the
7.2
HIGH
CVE-2023-24523
all versions
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) -
8.8
HIGH
CVE-2023-0012
all versions
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to repla
6.4
MEDIUM
CVE-2022-35295
all versions
In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.
4.9
MEDIUM
CVE-2022-29614
all versions
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions K
5.0
MEDIUM
CVE-2022-29612
all versions
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL
4.3
MEDIUM
CVE-2022-28774
all versions
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.
5.5
MEDIUM
CVE-2020-6234
all versions
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over
7.2
HIGH
CVE-2020-6186
all versions
SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication reque
7.5
HIGH
CVE-2020-6183
all versions
SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending reque
6.5
MEDIUM
CVE-2016-8610
all versions
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol define
7.5
HIGH
CVE-2017-15297
all versions
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993.
7.5
HIGH
CVE-2015-8960
all versions
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCe
8.1
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin