VYPR
Unrated severityNVD Advisory· Published Aug 8, 2023· Updated Oct 10, 2024

Information disclosure vulnerability in SAP Host Agent

CVE-2023-36926

Description

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.  There is no impact on integrity or availability.

Affected products

2
  • SAP/Host Agentllm-fuzzy2 versions
    =7.22+ 1 more
    • (no CPE)range: =7.22
    • (no CPE)range: 7.22

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.