CVE-2023-36926
LowCVSS 3.7Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.
Risk Assessment
An attacker can gain access to some information about the server, which may lead to further attacks, but there is no impact on integrity or availability.
Recommendation
It is recommended to update SAP Host Agent to the latest version to eliminate the authentication check vulnerability.
Original NVD description (English source)
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability.

