CVE-2024-47595 MEDIUM

CVE-2024-47595: Local Privilege Escalation in SAP Host Agent

Vendor Sap_Se
Product SAP Host Agent
Weakness CWE-266
Published November 12, 2024
Last update November 12, 2024

CVSS base score

6.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.

Key dates

02Disclosure timeline

November 12, 2024 CVE published
November 12, 2024 Record updated