Every CVE whose affected-product data names Sap Host Agent, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2023-40309 — CVSS 9.8 (critical): SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an…
CVE-2023-24523 — CVSS 8.8 (high): An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions…
CVE-2017-15297 — CVSS 7.5 (high): SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993.
CVE-2020-6186 — CVSS 7.5 (high): SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of…
CVE-2023-40308 — CVSS 7.5 (high): SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption…
CVE-2023-27498 — CVSS 7.2 (high): SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start…
CVE-2020-6234 — CVSS 7.2 (high): SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the…
CVE-2020-6183 — CVSS 6.5 (medium): SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the…
CVE-2023-0012 — CVSS 6.4 (medium): In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace…
CVE-2024-47595 — CVSS 6.3 (medium): An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful…
CVE-2022-28774 — CVSS 5.5 (medium): Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.
CVE-2022-29614 — CVSS 5.0 (medium): SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL…
CVE-2022-35295 — CVSS 4.9 (medium): In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.
CVE-2022-29612 — CVSS 4.3 (medium): SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC…
CVE-2023-36926 — CVSS 3.7 (low): Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a…