ByteOS Network

NVD Vulnerability Details :

CVE-2023-36926

Modified

Source-cna@sap.com

Published At-08 Aug, 2023 | 01:15

Updated At-26 Sep, 2024 | 19:15

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary	3.1	3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 3.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CPE Matches

SAP SE

>>host_agent>>7.22

cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-306	Primary	cna@sap.com
CWE-287	Secondary	nvd@nist.gov

CWE ID: CWE-306

Type: Primary

Source: cna@sap.com

CWE ID: CWE-287

Type: Secondary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://me.sap.com/notes/3358328	cna@sap.com	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	cna@sap.com	Vendor Advisory

Hyperlink: https://me.sap.com/notes/3358328

Source: cna@sap.com

Resource:

Permissions Required

Hyperlink: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: cna@sap.com

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History