CVE Catalog

CVE-2023-36926

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

30th percentile — higher than 30% of all known CVEs

Summary

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.

Risk Assessment

An attacker can gain access to some information about the server, which may lead to further attacks, but there is no impact on integrity or availability.

Recommendation

It is recommended to update SAP Host Agent to the latest version to eliminate the authentication check vulnerability.

Original NVD description (English source)

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.  There is no impact on integrity or availability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS