VYPR
Unrated severityNVD Advisory· Published Jan 10, 2023· Updated Apr 9, 2025

Local Privilege Escalation in SAP Host Agent (Windows)

CVE-2023-0012

Description

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.

Affected products

2
  • SAP/Host Agentllm-create2 versions
    >=7.21, <=7.22+ 1 more
    • (no CPE)range: >=7.21, <=7.22
    • (no CPE)range: 7.21

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.