SAP Host Agent

By the Year

In 2022 there have been 3 vulnerabilities in SAP Host Agent with an average score of 4.9 out of ten. Host Agent did not have any published security vulnerabilities last year. That is, 3 more vulnerabilities have already been reported in 2022 as compared to last year.

Year    Vulnerabilities    Average Score
2022    3                  4.93
2021    0                  0.00
2020    3                  7.07
2019    0                  0.00
2018    0                  0.00

It may take a day or so for new Host Agent vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent SAP Host Agent Security Vulnerabilities

CVE-2022-29614 5 - Medium - June 14, 2022

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.

CVE-2022-29612 4.3 - Medium - June 14, 2022

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol web functionality (startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.

XSPA

CVE-2022-28774 5.5 - Medium - May 11, 2022

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.

Insertion of Sensitive Information into Log File

CVE-2020-6234 7.2 - High - April 14, 2020

SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.

CVE-2020-6183 6.5 - Medium - February 12, 2020

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending requests to the main SAPOSCOL process and receiving responses that may contain data read with user root privileges, e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability.

AuthZ

CVE-2020-6186 7.5 - High - February 12, 2020

SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.

Missing Authentication for Critical Function
