Описание
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability.
Ссылки
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
EPSS
3.7 Low
CVSS3
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability.
Уязвимость программного средства управления жизненным циклом продуктов SAP Host Agent, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
3.7 Low
CVSS3
5.3 Medium
CVSS3