Vulnerability Details CVE-2017-15297
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/99528
- https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017/
- https://erpscan.io/advisories/erpscan-17-034-sap-hostcontrol-unprotected-web-method-dos/
- http://www.securityfocus.com/bid/99528
- https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017/
- https://erpscan.io/advisories/erpscan-17-034-sap-hostcontrol-unprotected-web-method-dos/
Products affected by CVE-2017-15297
-
cpe:2.3:a:sap:host_agent:7.21