CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-24523

An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.2%

CVSS Severity

CVSS v3 Score 8.8

References

https://launchpad.support.sap.com/#/notes/3285757
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3285757
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Products affected by CVE-2023-24523

Sap » Host Agent » Version: 7.21

cpe:2.3:a:sap:host_agent:7.21
Sap » Host Agent » Version: 7.22

cpe:2.3:a:sap:host_agent:7.22

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-24523

Products

Pricing

Contact Us