PT-2023-4215 · Sap · Sap Host Agent

Published: 2023-08-08 · Updated: 2024-09-26 · CVE-2023-36926

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP Host Agent version 7.22

Description

The issue is related to a missing authentication check in the SAP Host Agent, allowing an unauthenticated attacker to set an undocumented parameter to a particular compatibility value. This enables the attacker to call read functions and gather some non-sensitive information about the server. There is no impact on the server's integrity or availability.

Recommendations

For SAP Host Agent version 7.22, consider implementing additional authentication checks to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the read functions to minimize the risk of exploitation.

Fix

Missing Authentication

Improper Authentication

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-04530
CVE-2023-36926

Affected Products

Sap Host Agent