Vulnerabilities for Host agent (...) - CXSECURITY.COM

Vulnerabilities for 'Host agent'

2022-06-14

CVE-2022-29612

CWE-918

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.

2022-05-11

CVE-2022-28774

CWE-863

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.

2020-04-14

CVE-2020-6234

CWE-269

SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.

2020-02-12

CVE-2020-6186

CWE-306

SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.

CVE-2020-6183

CWE-862

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability.

2017-10-16

CVE-2017-15297

CWE-287

SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993.

>>> Vendor: SAP 332 Products

Sap r 3 web application server demo

Internet transaction server

Mysap business suite

Sap web application server

Business connector

Internet graphics server

Sap basis component 640

Sap basis component 700

Netweaver nw04s

Internet communication manager

Sap message server

Business objects

Crystal reports server

Business one 2005-a

Businessobjects

J2ee engine core

Crystal reports

System landscape directory

Netweaver business client

Production planning and control

Healthcare industry solution

Erp cental component

Basis communication services

Erp central component

Network interface router

Netweaver logviewer

Netweaver development infrastructure

Customer relationship management

Netweaver solution manager

Netweaver exchange infrastructure (bc-xi)

Bi universal data integration

Ccms / database monitor

Guided procedures archive monitor

Mobile infrastructure

Solution manager

Enterprise portal

Software deployment manager

Enhancement package

Print and output management

Business object processing framework for abap

Netweaver software lifecycle manager

Netweaver abap application server

Profile maintenance

Background processing

Netweaver java application server

Web services tool

Computing center management system monitoring

Transaction data pool

Capacity leveling

Open hub service

Oil industry solution traders and schedulers workbench

Supplier relationship management

Hana extend application services

Netweaver business warehouse

Fi manager self-service

Businessobjects xi

Businessobjects explorer

Adaptive server enterprise

Commoncryptolib

Environment health and safety

Document management services

Customer relationship management internet sales

Payroll process

Business intelligence development workbench

Hana web-based development workbench

Contract accounting

Governance risk and compliance

See all Products for Vendor SAP

Copyright 2024, cxsecurity.com