cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-47595,https://securityvulnerability.io/vulnerability/CVE-2024-47595,"Attacker Could Replace Local Files, Causing High Impact on Confidentiality and Integrity","A local file replacement vulnerability exists within SAP systems, where an attacker with membership in the sapsys group can exploit this weakness to replace files normally protected by higher privilege levels. This exploitation can significantly undermine the confidentiality and integrity of the affected applications, leading to unauthorized access and modifications to sensitive data. Organizations using SAP applications should be vigilant and apply necessary security patches to mitigate potential risks associated with this vulnerability.",SAP,SAP Host Agent,7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T00:27:23.692Z,0
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"The SAP CommonCryptoLib has a critical vulnerability where it fails to implement essential authentication checks. This oversight can lead to improper or missing authorization verifications for users. As a result, an authenticated attacker may exploit this weakness to escalate their privileges, potentially gaining access to functionalities meant for specific user groups. This could allow the attacker to read, alter, or remove sensitive data that should be restricted.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",9.8,CRITICAL,0.0018700000364333391,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-40308,https://securityvulnerability.io/vulnerability/CVE-2023-40308,Memory Corruption vulnerability in SAP CommonCryptoLib,"The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",7.5,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2023-36926,https://securityvulnerability.io/vulnerability/CVE-2023-36926,Information disclosure vulnerability in SAP Host Agent,"Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability.",SAP,SAP Host Agent,3.7,LOW,0.0008299999753944576,false,false,false,false,,false,false,2023-08-08T01:15:00.000Z,0
CVE-2022-35295,https://securityvulnerability.io/vulnerability/CVE-2022-35295,,"In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.",SAP,SAP Host Agent (SAPoscol),4.9,MEDIUM,0.0023900000378489494,false,false,false,false,,false,false,2022-09-13T00:00:00.000Z,0
CVE-2022-29612,https://securityvulnerability.io/vulnerability/CVE-2022-29612,,"SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.",SAP,"SAP Netweaver, Abap Platform And SAP Host Agent",4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-06-14T16:59:05.000Z,0
CVE-2022-29616,https://securityvulnerability.io/vulnerability/CVE-2022-29616,,"SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.",SAP,"SAP Netweaver And Abap Platform,SAP Host Agent",7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2022-05-11T15:08:03.000Z,0
CVE-2022-28774,https://securityvulnerability.io/vulnerability/CVE-2022-28774,,"Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.",SAP,SAP Host Agent,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-05-11T14:55:29.000Z,0
CVE-2020-6234,https://securityvulnerability.io/vulnerability/CVE-2020-6234,,"SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.",SAP,SAP Host Agent,7.2,HIGH,0.004269999917596579,false,false,false,false,,false,false,2020-04-14T18:38:12.000Z,0
CVE-2020-6186,https://securityvulnerability.io/vulnerability/CVE-2020-6186,,"SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service.",SAP,SAP Host Agent,7.5,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2020-02-12T19:46:43.000Z,0
CVE-2020-6183,https://securityvulnerability.io/vulnerability/CVE-2020-6183,,"SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability.",SAP,SAP Host Agent,5.3,MEDIUM,0.0007600000244565308,false,false,false,false,,false,false,2020-02-12T19:46:34.000Z,0