PT-2020-18994 · Sap · Sap Host Agent+1
Published: 2020-02-12 · Updated: 2020-02-19 · CVE-2020-6191
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SAP Landscape Management version 3.0
Description
Due to missing input validation, an attacker with admin privileges can execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management.
Recommendations
For SAP Landscape Management version 3.0, consider restricting access to the SAP Host Agent to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the execution of executables with root privileges to only those that are necessary for system operation.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Sap Host Agent
Sap Landscape Management