CVE-2020-6183

Name of the Vulnerable Software and Affected Versions SAP Host Agent version 7.21

Description The issue allows an unprivileged user to read or write to the shared memory by sending a request to the main SAPOSCOL process. This can lead to the user receiving responses that contain data read with root privileges, such as the size of any directory, system hardware, and OS details, due to a Missing Authorization Check.

Recommendations For SAP Host Agent version 7.21, consider restricting access to the shared memory to prevent unauthorized reads or writes until a patch is available. As a temporary workaround, limit the information that can be accessed through the SAPOSCOL process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.