Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.  There is no impact on integrity or availability.
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Sep 2024 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Thu, 26 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Description Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.  There is no impact on integrity or availability. Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.  There is no impact on integrity or availability.
Weaknesses CWE-306

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2023-08-08T00:38:12.784Z

Updated: 2024-10-10T19:02:27.912Z

Reserved: 2023-06-27T21:23:26.300Z

Link: CVE-2023-36926

cve-icon Vulnrichment

Updated: 2024-08-02T17:01:10.044Z

cve-icon NVD

Status : Modified

Published: 2023-08-08T01:15:17.003

Modified: 2024-11-21T08:10:56.577

Link: CVE-2023-36926

cve-icon Redhat

No data.