Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability.
Metrics
Affected Vendors & Products
References
History
Fri, 11 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 26 Sep 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-200 |
Thu, 26 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability. | Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability. |
Weaknesses | CWE-306 |
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2023-08-08T00:38:12.784Z
Updated: 2024-10-10T19:02:27.912Z
Reserved: 2023-06-27T21:23:26.300Z
Link: CVE-2023-36926
Vulnrichment
Updated: 2024-08-02T17:01:10.044Z
NVD
Status : Modified
Published: 2023-08-08T01:15:17.003
Modified: 2024-11-21T08:10:56.577
Link: CVE-2023-36926
Redhat
No data.