CVE-2023-36926 LOW

CVE-2023-36926: Information disclosure vulnerability in SAP Host Agent

Vendor Sap_Se
Product SAP Host Agent
Weakness CWE-306 · Missing auth
Published August 8, 2023
Last update October 10, 2024

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Due to a missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability.

Key dates

02 Disclosure timeline

August 8, 2023 CVE published
October 10, 2024 Record updated