PT-2023-21173 · Sap · Sap Host Agent
Published
2023-03-14
·
Updated
2023-04-11
·
CVE-2023-27498
CVSS v3.1
7.2
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L |
Fix
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Sap Host Agent
Published
2023-03-14
·
Updated
2023-04-11
·
CVE-2023-27498
7.2
High
| Base vector | Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L |
Name of the Vulnerable Software and Affected Versions:
SAP Host Agent (SAPOSCOL) version 7.22
Description:
The issue allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request, resulting in a memory corruption error. This error can be used to reveal but not modify any technical information about the server, and it can also make a particular service temporarily unavailable.
Recommendations:
For SAP Host Agent (SAPOSCOL) version 7.22, consider restricting access to the SAP Start Service to minimize the risk of exploitation until a patch is available.
Fix
Stack Overflow