PT-2020-18995 · Sap · Sap Host Agent+1

Published

2020-02-12

Updated

2020-02-19

CVE-2020-6192

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SAP Landscape Management version 3.0

Description The issue allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.

Recommendations For SAP Landscape Management version 3.0, consider restricting access to admin privileges to minimize the risk of exploitation. As a temporary workaround, limit the use of SAP Landscape Management until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2020-6192

Affected Products

Sap Host Agent

Sap Landscape Management

PT-2020-18995 · Sap · Sap Host Agent+1

CVE-2020-6192

Weakness Enumeration

Related Identifiers

Affected Products

References · 5